Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Adware cleaner apps promoted on Facebook sneaked into the Play Store

Several adware apps promoted aggressively on Facebook as system cleaners and optimizers for Android devices are counting millions of installations on Google Play store.

The apps lack all of the promised functionality and push advertisements while trying to last as long as possible on the device.

To evade deletion, the apps hide on the victim’s device by constantly changing icons and names, masquerading as Settings or the Play Store itself.

Installed app changing icon and name
Installed app changing icon and name (McAfee)

The adware apps abuse the Contact Provider Android component, which enables them to transfer data between the device and online services.

The subsystem is called every time a new app is installed, so the adware might be using it to initiate the ad-serving process. To the user it may look like the ads are pushed by the legitimate app they installed.

Researchers at McAfee discovered the adware apps. They note that users don’t have to launch them after installation to see the ads because the adware initiates itself automatically without any interaction.

The first action from these annoying apps is to create a permanent service for displaying the advertisements. If the process is “killed” (terminated), it re-launches immediately.

Malicious service re-launched almost immediately
Malicious service re-launched almost immediately (McAfee)

The following video shows how the name and icon of the adware changes automatically and how the ad-serving occurs without any interaction from the user.

Millions of downloads

As McAfee comments in the report, users are convinced to trust the adware apps because they see a Play Store link on Facebook, leaving little margin for doubt.

Facebook promotion for a cleaner app
Facebook promotion for a cleaner app (McAfee)

This has resulted in unusually high download numbers for the particular type of applications, as shown in the list below:

  1. Junk Cleaner, cn.junk.clean.plp, 1M+ downloads
  2. EasyCleaner, com.easy.clean.ipz, 100K+ downloads
  3. Power Doctor, com.power.doctor.mnb, 500K+ downloads
  4. Super Clean, com.super.clean.zaz, 500K+ downloads
  5. Full Clean -Clean Cache, org.stemp.fll.clean, 1M+ downloads
  6. Fingertip Cleaner, com.fingertip.clean.cvb, 500K+ downloads
  7. Quick Cleaner, org.qck.cle.oyo, 1M+ downloads
  8. Keep Clean, org.clean.sys.lunch, 1M+ downloads
  9. Windy Clean, in.phone.clean.www, 500K+ downloads
  10. Carpet Clean, og.crp.cln.zda, 100K+ downloads
  11. Cool Clean, syn.clean.cool.zbc, 500K+ downloads
  12. Strong Clean, in.memory.sys.clean, 500K+ downloads
  13. Meteor Clean, org.ssl.wind.clean, 100K+ downloads

Most affected users are based in South Korea, Japan, and Brazil, but the adware has unfortunately reached users worldwide.

Heatmap of infected Android users
Heatmap of infected Android users (McAfee)

The adware apps are no longer available on the Play Store. However, users that installed them have to remove them manually from the device.

System cleaners and optimizers are popular software categories despite the low benefits they provide. Cybercriminals know that a large number of users would try such solutions to prolong the life of their devices and often guise malicious apps as such.

Source: https://www.bleepingcomputer.com/news/security/adware-cleaner-apps-promoted-on-facebook-sneaked-into-the-play-store/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Telegram Messenger offers global, cloud-based instant messaging with several features:- Cybersecurity researchers at Securlist recently found several Telegram mods on Google Play in various...

Cyber Security

AttackCrypt, an open-source “crypter,” was recently used by cybercriminals to hide malware binaries and avoid antivirus detection. A crypter is a kind of software that can...

Cyber Security

We are glad to present the most recent news on cybersecurity in this week’s Threat and Vulnerability Roundup from Cyber Writes.  The latest attack...

Cyber Security

The cybercrime group evaded remediation efforts by installing persistent backdoors and deploying “new and novel malware.” A Chinese-linked hacking group that security researchers say...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO