- Bitdefender has found more than 300 Android applications used to display unwanted ads
- So far, almost all applications have been deleted from the Play Store
- Some applications have even tried to steal sensitive data
Hundreds of Android applications, installed millions of times from the Google Play Store, were part of a large -scale advertising fraud campaign that displayed unwanted advertisements and tried to steal sensitive data from the victims, experts warned.
Bitdefender cybersecurity researchers, who also credited IAS Threat Lab, said they discovered at least 331 applications available via the Google Play Store which, cumulatively, has raised more than 60 million downloads, mainly on older Android variants (Android 13 and more).
Applications imitated simple utility applications such as QR scanners, expenditure monitoring applications, health applications, wallpaper applications and others.
Protect your Android phone
Most applications became active for the first time on Google Play in the third quarter of 2024, and when Bitdefender searches have finished, only 15 remained active. The vast majority of victims are located in Brazil, followed by the United States, Mexico, Turkey and South Korea.
When the victims have downloaded one of the applications, they first hide their icons from the launcher (something that is only possible on the older versions of Android). The applications have kept “certain features”, but they are able to display out -of -context announcements on other applications in the foreground. Some are trying to collect user identification information, credit card data and other information.
Some applications can even start without user interaction, which should not be possible even on Android 13.
Although ultimately all applications will be deleted from the Play Store, the people who have installed them on their devices remain in danger. If your Android smartphone acts strange (lagging behind, displaying ads on different ads, overheating expenditure data while being inactive), be sure to delete all unwanted applications or those that you do not actively use.
In addition, if possible, be sure to use the latest version of Android. For the moment, it is Android 15, with the next iteration scheduled later in 2025.
Edit, March 20 – A Google spokesperson confirmed that all malicious applications have been deleted from the Play Store:
“All the identified applications of this report have been deleted from Google Play. Android users are also automatically protected by Google Play Protect, which is by default on Android devices with Google Play Services,” the spokesperson told us in an email.
