During 2018, approximately 440 millions of Android users downloaded and installed applications from the official Google Play Store containing a library that displayed aggressive non-apps.
This promotional library, called BeiTaPlugin, was found embedded in 238 applications, according to Kristina Balaam, a Lookout Security technician.
Balaam reports that the Lookout company informed Google about the behavior of that particular library and that Google in turn informed all application developers who used it in their applications.
"As of May 23, 2019, most of the 230 apps that were on Google Play have been removed or updated to new releases without the BeiTa add-on," Balaam said.
Somewhere in February and March, users of BeiTaPlugin's applications began to notice too many ads and pop-ups appear outside of apps, blocking access to the screen and phone features.
"Users reported that they could not answer calls or open other applications due to the nature of the ads being displayed."
BeiTaPlugin's developers seem to have known exactly this behavior and tried to hide the aggressive advertising practices of the SDK.
They delayed the display of ads and pop-ups for the first 24 hours after opening the infected application on any Android device. So it was quite difficult for a user to locate the source of the ads.
Balaam also released a list of 238 Android applications that were once using BeiTaPlugin code.
- Turla durable tools bypass detection mechanisms
- Google Automatically delete Web & App Activity data
- Google Chrome 75 has just been released with hidden Reader Mode
- Microsoft Exchange email hijacking tool is released online
- Silk Road 2 manager's collaboration with the FBI