75 Android apps removed malicious adware from their code

Seventy-five Android apps available for download from the official Google Play Store had to remove a malicious advertising library that secretly contained adware called AdDown, which Trend Micro researchers had discovered two years ago.


This adware appeared in January 2015 and, apart from displaying ads on infected devices, it could also collect personal data from its victims, and at one point it could even secretly install various applications without the user knowing.

Over time, the company reports, the adware was detected in more than 800 Android apps uploaded to the Play Store, usually as small utilities, such as wallpaper converters, photo editors, and lens apps.

After an in-depth analysis of the applications infected by AdDown over the past two years, the researchers were able to identify three basic stages of its evolution, called Joymobile, Nativedown, and Xavier.

The first stage of the adware's evolution was its simplest version, but it was also the most annoying, as it came equipped with a method to install third-party applications behind the user's back.

The second stage removed this installation method, leaving only one that required user approval, but it improved on other features such as communications encryption, internal string obfuscation, and user-friendly filtering to better personalize ads.

The third and final phase of AdDown was first identified in September 2016, and while it generally improved on the features of the second phase, support for detecting and avoiding the environment was also added.

This version also removed the ability to install third-party applications, probably because the adware's author realized that the adware would be more likely to remain unnoticed by showing ads occasionally rather than forcing apps to smother the user in ads.

Experts say that over the past two years, millions of users appear to have downloaded and installed applications infected with one of these three AdDown adware versions. Trend Micro researcher Ecular Xu said that AdDown was distributed to various application developers as an ad SDK, which explains why it was found in so many applications. Xu has published a list of previously infected apps that have now removed AdDown from their code:

 
Columns: package name, downloads, date Xavier was removed
com.ijksoftware.pdfcreator.camscanner 10000-50000 2017/5/13
com.writeonpicture.textphoto 100000-500000 2017/5/13
com.inateam.cooler.master 500000-1000000 2017/5/13
com.equalizer.volumebooster 1000000-5000000 2017/5/13
com.styletext.font.textonphotos 100000-500000 2017/5/14
com.easytool.screenoff 100000-500000 2017/5/13
com.inateam.pdfreader 100000-500000 2017/5/13
com.placideagles.volumebooster 500000-1000000 2017/5/13
com.allinOne.openquickly 1000000-5000000 2017/5/13
com.inateam.ziprar 100000-500000 2017/5/13
com.coramobile.speedbooster.cleaner 1000000-5000000 2017/5/13
com.coramobile..antivirus 1000000-5000000 2017/5/12
com.cleaner.memorybooster.ramoptimizer 1000000-5000000 2017/5/13
com.coramobile.powerbattery.batterysaver 100000-500000 2017/5/12
com.pdfviewer.pdfreader.edit 500000-1000000 2017/5/13
com.cutterringtone.mp3cutter 100000-500000 2017/5/14
com.coramobile.phonecooler.cpucoolermaster 1000000-5000000 2017/5/12
com.autolockscreen.taptaplock 50000-100000 2017/5/13
com.easycapture.screenshot 50000-100000 2017/5/14
com.unziptool.rarextractor 50000-100000 2016/11/18
com.convertmp3.videoconverter 50000-100000 2017/5/13
com.lollicontact.caller 50000-100000 2017/5/13
com.fattys.automaticcallrecording 100000-500000 2017/5/13
com.ponosnocelleh.lolipoptheme 50000-100000 2017/5/13
com.ponosnocelleh.threedtheme 100000-500000 2017/5/13
com.mothrrmobile.volume 100000-500000 2017/5/13
com.greenapp.voicerecorder 10000-50000 2017/5/13
com.sunny.text2photo 100000-500000 2017/5/13
com.fingerprint.lockscreen.prank 100000-500000 2017/5/13
com.keeprr.cutpastephoto 100000-500000 2017/5/13
com.billowy.equalizer.bassbooster 100000-500000 2017/5/13
com.fattysgui.beautyfont 100000-500000 2017/5/13
com.aecenraw.emojionphoto 50000-100000 2017/5/13
com.appworksui.myfonts 100000-500000 2017/5/13
com.forecast.weatherlive.weather 10000-50000 2017/5/13
com.finder.photo.imagessearch 10000-50000 2017/5/13
com.galaxygame.fighterwar 100000-500000 2017/5/13
com.djayfree.mp3djmix 100000-500000 2017/5/13
com.qrscan.qrreader.qrcode 10000-50000 2017/5/13
com.yamagame.stormfighter 100000-500000 2017/5/13
com.minfiapps.screenshost_capture 100000-500000 2017/5/13
com.photogrid.frame.photocollage 10000-50000 2017/5/13
com.greenapp.slowmotion 100000-500000 2017/5/13
net.camspecial.clonecamera 500000-1000000 2017/5/13
com.rartool.superextract 100000-500000 2017/5/13
com.fattystudioringtone.mp3cutter 50000-100000 2017/5/13
com.aepictur.textphoto 100000-500000 2017/5/13
com.live3d.wallpaperlite 100000-500000 2017/5/13
com.xatedses.changehaircoloreye 100000-500000 2017/5/13
com.podhengy.haircolor 100000-500000 2017/5/13
com.mobilescreen.capture 100000-500000 2017/5/13
com.keeprr.textonphoto 100000-500000 2017/5/13
com.mobiletool.rootchecker 100000-500000 2017/5/13
com.galaxy.strikeforce 1000000-5000000 2017/5/13
com.podhengy.photoapp 50000-100000 2017/5/13
com.albumpro.videoslide.galleryphoto 50000-100000 2017/5/13
com.gpsonline.phonetracker 500000-1000000 2017/5/13
com.maxmitek.livewallpaperaquariumfishfish 50000-100000 2017/5/13
com.maxmitek.beachwallpaper 50000-100000 2017/5/13
com.xatedsesmobile.picturesketch 100000-500000 2017/5/13
com.efflicnetwork.ringtonecutter 50000-100000 2017/5/13
com.gigmobile.booster 100000-500000 2017/5/13
com.ponosnocelleh.launchers7 100000-500000 2017/5/13
com.magicvideo.editor.reversevideo 50000-100000 2017/5/12
com.azurersweet.djvirtual 500000-1000000 2017/5/12
com.sevideo.slideshow.videoeditor 1000000-5000000 2017/5/12
com.fourapps.musicplayer.videoplayer 100000-500000 2017/5/12
com.slowmotion.videoslow 500000-1000000 2017/5/12
com.fourvideo.videoshow.videoslide 1000000-5000000 2017/5/12
com.azurersweet.app2sdandremover 100000-500000 2017/5/12
com.azurer.vpnproxy.supervpn 500000-1000000 2017/5/12
com.azurersweet.launcher 50000-100000 2017/5/12
com.appgpfaq.prankcrackscreen 500000-1000000 2017/5/12
com.photoshow.videoeditor.slide 100000-500000 2017/5/12
com.azurersweet.beautymakeup 100000-500000 2017/5/12

iGuRu.gr The Best Technology Site in Greece

Written by Dimitris
