Several adware, malware, and phishing apps masquerading as system optimizers and utilities have been downloaded more than two million times cumulatively from the Google Play Store, reports BleepingComputer.
Dr. Web researchers discovered that one of the malicious apps dubbed "TubeBox," which purports to offer monetary rewards for ad and video viewing, has been downloaded one million times and continues to be on the Play Store.
However, other adware apps, including "Bluetooth device auto connect," which also has one million downloads, have already been removed.
Commands from Firebase Cloud Messaging have been retrieved by the removed adware apps to facilitate the loading of websites in the commands and prompt fraudulent ad impressions.
The report also showed numerous loan scam apps with an average of 10,000 downloads claiming to be directly associated with Russian banking and investment entities. Malvertising in other apps has been used to promote the malicious apps, which redirect users to phishing apps to enable data collection.
BleepingComputer reports that more than 12 million Android devices have collectively downloaded 18 malicious loan apps dubbed "SpyLoan," which could exfiltrate not only call logs, local Wi-Fi network information, and image metadata but also text messages, location information, and contact lists.
Organizations in the government, real estate, telecommunications, retail, and other sectors across the U.S., Africa, and the Middle East have been subjected to intrusions under the new CL-STA-0002 threat cluster.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news