Many more malicious Android apps have flooded the Google Play Store. These apps targeted Android users with out-of-context and privacy-intrusive ads.
Android Apps Showing Out-of-Context Ads
The White Ops Satori Threat Intelligence and Research Team has unveiled another wave of malicious Android apps. The apps, which the researchers call RAINBOWMIX in their post, collectively had over 14 million downloads.
These malicious Android apps showed out-of-context ads to Android users. Together, they had over 15 million ad impressions each day.
In brief, the researchers found more than 240 applications on the Google Play Store with suspicious behavior. The apps did not look malicious at first, and they more or less functioned as advertised. However, they performed poorly, which earned them a C-shaped review pattern (a very high number of 1-star reviews after 5-star reviews).
In addition, they barraged users with irrelevant ads that appeared to originate from otherwise legitimate sources, such as YouTube or Chrome.
The apps included several dedicated services that implemented the malicious functionality. They also did not show ads at random moments. Instead, they tracked when users turned the screen on and off so that ads appeared only while the screen was on. That made this a dedicated ad fraud campaign in which every impression counted.
The apps also used packers to evade various detection tools and bypass security protocols.
The complete list of all apps making up this campaign is available in the researchers’ post.
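The C-shaped review pattern described above can serve as a triage signal when vetting apps. The following is an added example, not code from the researchers' post; the thresholds, package names and rating counts are assumptions constructed for illustration.

```python
# Added example: flag store listings whose rating histogram is C-shaped.
# Thresholds and sample data below are assumptions, not values from the report.

MIN_RATINGS = 50          # assumed: fewer ratings than this is too noisy to judge
MIN_EXTREME_SHARE = 0.80  # assumed: 1-star + 5-star share of all ratings
MIN_BAR_SHARE = 0.25      # assumed: each extreme bar must be large on its own
MAX_MIDDLE_SHARE = 0.10   # assumed: each of the 2-, 3-, 4-star bars stays small


def rating_shares(hist):
    """Return [share of 1-star, ..., share of 5-star], or None if too few ratings."""
    counts = [max(0, int(hist.get(star, 0))) for star in range(1, 6)]
    total = sum(counts)
    if total < MIN_RATINGS:
        return None
    return [c / total for c in counts]


def is_c_shaped(hist):
    """True when the 5-star and 1-star bars dominate and the middle bars are thin."""
    shares = rating_shares(hist)
    if shares is None:
        return False
    one, middle, five = shares[0], shares[1:4], shares[4]
    return (
        one + five >= MIN_EXTREME_SHARE
        and min(one, five) >= MIN_BAR_SHARE
        and max(middle) <= MAX_MIDDLE_SHARE
    )


def flag_listings(listings):
    """Return the package names with a C-shaped histogram, sorted."""
    return sorted(pkg for pkg, hist in listings.items() if is_c_shaped(hist))


# Constructed sample histograms (star -> count); package names are hypothetical.
SAMPLE = {
    "com.example.flashlight": {5: 4200, 4: 150, 3: 90, 2: 110, 1: 3100},  # C shape
    "com.example.notes": {5: 5200, 4: 2100, 3: 600, 2: 200, 1: 300},      # healthy
    "com.example.slowgame": {5: 40, 4: 30, 3: 60, 2: 200, 1: 900},        # just bad
    "com.example.newapp": {5: 12, 1: 9},                                  # too few
}

if __name__ == "__main__":
    for pkg in flag_listings(SAMPLE):
        print("review manually:", pkg)
```

A flagged listing is a prompt for manual review, not proof of fraud, since polarizing but legitimate apps can produce the same histogram.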
Google Removed The Apps
The researchers noted that RAINBOWMIX first appeared in April 2020 and that the campaign reached its peak in August this year.
The largest share of downloads came from Brazil (20.8%), followed by Indonesia (19.7%) and Vietnam (11.0%). Other countries with users of these apps include Mexico, the US, and the Philippines.
While the campaign targeted millions of users, it is now over, as Google has removed all the apps from the Play Store.