This article originally appeared in Infosecurity Magazine on June 7, 2019.
A new adware known as BeiTaAD was found embedded in 238 applications in the official Google Play store and have been installed by 440 million Android users, according to security researcher Kristina Balaam of Lookout.
“BeiTaAd is a well-obfuscated advertising plug-in hidden within a number of popular applications in Google Play. The plug-in forcibly displays ads on the user’s lock screen, triggers video and audio advertisements even while the phone is asleep and displays out-of-app ads that interfere with a user’s interaction with other applications on their device,” Balaam wrote.
The ads displayed, which become visible at least 24 hours after the application is launched, are so pervasive that users impacted by the adware have reportedly been unable to answer calls or interact with other apps. Balaam said that on one of the Lookout test devices, the out-of-app ads did not appear until two weeks after the application, Smart Scan(com.qrcode.barcode.reader.scanner.free), was launched.
“There is a very fine – and, one could argue, diminishing – line between adware and malware. They exhibit similar behaviors for disseminating content and techniques for avoiding detection and analysis,” said Usman Rahim, digital security and operations manager for The Media Trust.
“Adware can also be vulnerable, as there is little to no incentive for developers to patch up the flaws, and can leak data. In the wrong hands, adware plug-ins can be used to distribute malicious code to commit theft and fraud on millions of users. Companies that monetize their apps by featuring ads must thoroughly vet their vendors and continuously monitor what these vendors do to users. The temptation for vendors to exploit access to users is great and can put developers at odds with current and forthcoming privacy regulations.”