More than 50 applications found at Google Play Store have infected around 55 million Android users with adware. This is something that seems to be happening for the umpteenth time.
According to researchers by Sophos Security, Android XavirAd was detected in several apps in the Play Store. The adware displays annoying ads to the infected users and collects personal information sent to some remote server. So far, up to 55 million users are believed to have been infected.
Some of the 50 apps on Google Play that contain adware have over one million downloads. Overall, the number of downloads increases to about 55 million downloads.
Due to adware, users see a full-screen ad at regular intervals, even if the infected application is closed. These ads will guide you to installing other apps.
The Google Play Store is full of complaints about these apps, as many users have noticed and reported scandalous behavior.
“However, XavirAd can do much more than display ads. After the application is launched, the XavirAd library communicates with its server and gets the configuration code. The server responds with settings to display full-screen ads and stores them in shared preferences. The domain api-restlet.com is said to have been registered for this purpose ", point out the Sophos researchers.
The adware then uploads another .dex file from cloud.api-restlet.com, which collects data from the user's phone, such as address Google account email, list of installed apps, IMEI and AndroidID, screen resolution, manufacturer, operating system brand and version, SIM card information, and from apps. Data is encrypted and sent to the C&C server.
List of infected apps