More than 50 applications found at Google Play Store have infected around 55 million Android users with adware. This is something that seems to be happening for the umpteenth time.
According to researchers by Sophos Security, Android XavirAd was detected in several apps in the Play Store. The adware displays annoying ads to the infected users and collects personal information which are sent to some remote server. So far, up to 55 million users are believed to have been infected.
Some of the 50 apps on Google Play that contain adware have over one million downloads. Overall, the number of downloads increases to about 55 million downloads.
Due to adware, users see a full-screen ad at regular intervals, even if the infected application is closed. These ads will guide you to installing other apps.
The Google Play Store is full of complaints about these apps, as many users have noticed and reported scandalous behavior.
“However, XavirAd can do much more than display ads. After the application is launched, the XavirAd library communicates with its server and gets the configuration code. The server responds with settings to display full-screen ads and stores them in shared preferences. The domain api-restlet.com has reportedly been registered for this purpose," the Sophos researchers point out.
The adware then uploads another .dex file from cloud.api-restlet.com, which collects data from the user's phone, such as the email address for the Google Account, the list of installed applications, the IMEI ID and AndroidID, screen resolution, manufacturer, operating system name and version, SIM card and application information. The data is encrypted and sent to the C&C server.
List of infected apps