News

440 million Android users installed applications with an aggressive advertising plugin

Lookout specialists found that more than 440,000,000 users downloaded and installed 238 applications from the official Google Play catalog, infected with the BeiTaPlugin advertising library.

Since the researchers urgently notified Google of their discovery, and the company contacted application’s developers, 230 problematic applications have already been removed from the catalog or updated to safe versions that do not contain BeiTaAd.

“BeiTaAd is a well-obfuscated advertising plugin hidden within a number of popular applications in Google Play. The plugin forcibly displays ads on the user’s lock screen, triggers video and audio advertisements even while the phone is asleep, and displays out-of-app ads that interfere with a user’s interaction with other applications on their device”, — argue Lookout experts.

BeiTaPlugin SDK existed since the beginning of 2018, and previously it worked as originally intended: it provided application developers with a simple tool for displaying advertisements within their applications.

Developers trusted the SDK because it was created by the famous Chinese company CooTek, which used it as an advertising component for its own TouchPal application (a keyboard that was installed over 100,000,000 times).

Read also: In Google Play Store found nearly half a hundred of malware programs that mask under fitness applications

BeiTaPlugin began to abuse its options only in the spring of this year. In February-March, developers began to notice that the number of advertisements and pop-up windows increased, and they appeared unexpectedly, outside of running applications, and blocked access to the screen and phone functions.

Lookout experts write that it is almost impossible to use a device because of such an advertisement: it makes it difficult to answer calls, work with applications, and so on.

Apparently, authors of BeiTaPlugin understood that such behavior of their SDK would not be perceived too well and tried to disguise aggressive advertising practices by obfuscating a code. In addition, applied delay in displaying any advertisements for 24 hours after the first launch of an infected application, making it difficult to detect the exact source of advertisements.

Users are advised to update such applications or remove them altogether from their devices.

Source: https://blog.lookout.com

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

1 day ago