Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Massive Adware Android Campaign

June 8, 2023
Reading Time: 2 mins read
in Alerts

 

Bitdefender has made a concerning revelation, uncovering over 60,000 Android apps in the last six months that install adware on Android devices.

By leveraging advanced anomaly detection technology, Bitdefender Mobile Security successfully detected the hidden adware campaign.

The analysis revealed that the adware was aggressively pushing itself onto Android devices to generate revenue, but the threat actors behind it could easily switch tactics to redirect users to more harmful forms of malware, such as banking Trojans or ransomware. Bitdefender has already discovered 60,000 distinct samples carrying the adware, with suspicions of many more lurking in the wild.

The adware predominantly targeted users in the United States (55.27%), followed by South Korea, Brazil, and Germany. The malicious apps were distributed through deceptive methods, posing as game cracks, unlocked features, free VPNs, fake videos, and counterfeit tutorials for popular platforms like Netflix, YouTube, and TikTok. These apps were hosted on third-party websites, as researchers did not find the same adware hidden in apps on Google Play.

Victims stumbled upon these malicious apps through Google searches, which redirected them to dedicated websites designed to distribute these packages.

To ensure persistence and elude detection, the adware employed various techniques. Since API 30, Google has eliminated the ability to hide the app icon on Android after the launcher is registered. However, if the app doesn’t register the launcher and relies on user interaction for the initial run, it can hide the app icon.

After installation, the app presents an “application is unavailable” message, leading the user to believe it was never installed. It lacks an icon in the launcher and utilizes a UTF-8 character in the label, making it harder to identify and uninstall.

Despite the appearance of an uninstall prompt, tapping “OK to uninstall” keeps the app dormant for two hours before registering intents to launch at boot or when the user interacts with the device, such as unlocking the phone.

Once the malicious app is launched, it retrieves an advertisement URL from the server and employs the mobile browser to load the ad, sometimes as a full-screen WebView ad. Bitdefender has provided Indicators of Compromise (IoCs) for this campaign, assisting users and security professionals in detecting and mitigating this adware threat.

These findings highlight the need for robust security measures and vigilance when downloading apps outside of trusted sources to protect against increasingly sophisticated threats targeting Android devices.

Reference:
  • Tens of Thousands of Compromised Android Apps Found by Bitdefender Anomaly Detection Technology

Tags: AdwareAndroidBitdefenderCyber AlertCyber Alerts 2023June 2023Mobile SecurityRansomwareTrojans
ADVERTISEMENT

Related Posts

Fake PyPI Login Site Steals Credentials

Fake PyPI Login Site Steals Credentials

September 26, 2025
Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

September 26, 2025
Fake PyPI Login Site Steals Credentials

Hidden WordPress Backdoors Create Admins

September 26, 2025
BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025

Latest Alerts

Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

Hidden WordPress Backdoors Create Admins

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Indian Bank Transfer Records Exposed

    Chinese Cyberspies Hit US Defense Firms

    Neon App Shuts Down After Data Leak

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial