Forty-two apps full of adware and 8 million downloads to consumers’ digital devices. What’s that spell? Trouble.
Threat detection software company ESET published a report on Thursday that its data scientists had uncovered a massive, year-long adware scheme involving Google Play. The scheme centers around adware-laden apps disguised both as games and utility apps. The researchers say the apps worm their way into a device’s configuration data and then display ads that the attacker profits from.
If you’re an Android/Google Play user, you can breathe a sigh of relief. Half of the 42 apps no longer exist on Google Play. When ESET reported the issue to Google, the company immediately yanked the remaining half from the store.
If you’re an Apple-leaning consumer, there’s also good news. The ESET researchers did find apps from the same developer in the Apple App Store, but, interestingly, none contained adware functionality.
The deal with adware
Because of the pervasiveness and the can-do-anything ability of mobile platforms, it’s a natural hunting ground for money-hungry cybercriminals.
“Delivering adware, for example, enables them to monetize affected devices while attempting to be innocuous,” says Ecular Xu, a mobile threat response engineer at TrendMicro. “And while they may be viewed as a nuisance at best, mobile ad fraud -- and adware-related incidents became so rampant last year that it cost businesses hefty financial losses.”
Whipping the problem
As hard as Big Tech and threat detection software developers try to fight off cybercrime activity, it’s a losing game at the moment.
In 2018, the Federal Trade Commission (FTC) processed more than a million fraud activity reports that cost consumers $1.48 billion in losses. On average, cybercriminals attack digital devices more than 5,000 times a month.
Despite that, the consumer world is starting to get wise to fraudsters. “The Identity Theft Resource Center predicts that consumers will become more knowledgeable about how data breaches work and expect companies to provide more information about the specific types of data breached and demand more transparency in general in data breach reports,” writes Rob Douglas, a ConsumerAffairs contributor.
However, fraudsters find out where the gullible are and keep going after them, Douglas says. “People who have previously been affected by identity theft are at a greater risk for future identity theft and fraud...7-10 percent of the U.S. population are victims of identity fraud each year, and 21 percent of those experience multiple incidents of identity fraud.”
Be on guard when it comes to “free” apps
When perusing any app store, be it Android or Apple, consumers should pay close attention to the word “free.”
“There are two main ways by which adware sneaks onto your system. In the first one, you download a program -- usually freeware or shareware -- and it quietly installs adware without your knowledge, or permission,” says Malwarebytes.
“That’s because the program’s author signed up with the adware vendor. Why? Because the revenue generated by the advertisements enables the program to be offered gratis (although even paid software from an untrustworthy source can deliver an adware payload). Then the adware launches its mischief, and the user learns there’s a price to pay for ‘free.’”