Cybersecurity experts have uncovered a troubling new adware campaign that specifically targets Korean Android users. McAfee’s Mobile Research Team brought this campaign to light, revealing that certain apps available on Google Play discreetly load ads even when a user’s device screen is turned off.
While this might initially appear as a way for developers to profit without inconveniencing users with intrusive ads, it starkly violates Google Play Developer policies. This deceitful ad-loading not only defrauds advertisers who unwittingly pay for invisible ads, but it also adversely impacts users in various ways.
A total of 43 rogue apps engaged in this ad fraud, collectively amassing a staggering 2.5 million downloads. Among the affected applications are popular categories such as TV/DMB players, music downloaders, news, and calendar apps.
The ad fraud library utilized by these apps is impressively intricate, employing delay tactics to evade detection. Adding another layer of complexity, the fraudulent behavior can be remotely manipulated and deployed via Firebase Storage or Messaging service.
Once installed, the adware acquires specific permissions like “power saving exclusion” and “draw over other apps,” facilitating covert activities in the device’s background. This allows for even more malicious behavior, including the display of phishing pages and ads that users are unaware of. Particularly concerning is the fact that the ad fraud activates when the device screen is turned off, fetching and loading ads without the user’s knowledge.
Despite this stealthy approach, McAfee took swift action by reporting these malicious apps to Google, leading to the removal of many from the Play Store, while others received updates to align with Google’s policies.
