Over 60,000 compromised Android apps found spreading adware — how to stay safe

More than 60,000 Android apps posing as legitimate software have been secretly infecting the devices of unsuspecting users with adware over the course of the last six months.

As reported by BleepingComputer, these new adware apps were discovered by the cybersecurity firm Bitdefender, which found them after adding a new anomaly detection feature to its mobile antivirus app, Bitdefender Mobile Security.

While adware apps don’t pose the same threat that other more dangerous malicious apps do, they can still put your privacy at risk as well as your smartphone and other mobile devices. This is because the additional resources they need to load ads in the background put a major drain on your battery while also eating up your data.

According to a blog post from Bitdefender, the malware powering these adware apps has “been live since at least October 2022” and the high number of unique samples discovered suggests that the entire campaign is fully automated. While the campaign has mainly targeted Android smartphone users in the U.S. so far, these fake adware apps have also been spotted in the U.K. as well as in Germany, Brazil and South Korea.

Tricking users into sideloading apps

It’s worth noting that none of these 60,000+ adware apps were hosted on the Google Play Store. Instead, the cybercriminals behind this campaign abused Google Search to drive users to their third-party websites.

If a user does click on one of these sites in their search results, they are redirected to other websites that show ads or prompt them to download the app they were searching for. However, these download sites were created to distribute malicious Android apps as APK files that need to be sideloaded instead of installed through an official app store.

Once installed, these adware apps ask you to open them, after which an error message appears that reads “Application is unavailable in your region. Tap OK to uninstall”. However, tapping OK doesn’t actually uninstall the app. Instead, the app lies dormant for two hours before registering two ‘intents’ that cause it to launch when your smartphone boots up or is unlocked.

To make matters worse, these 60,000+ adware apps don’t have app icons and use a UTF-8 character in their labels which makes them much harder to spot. After being launched — either by the user or automatically after a reboot or unlock — the apps reach out to a server controlled by the cybercriminals behind this campaign and retrieve ads that are displayed in your smartphone’s browser.
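The traits described above (sideloaded, no app icon, an unreadable label, and launching on boot or unlock) can be combined into a simple triage check over an app inventory. The following is an added example, not code from Bitdefender or the original article; the record fields, package names and the two broadcast action names are assumptions, since the article does not name the intents.

```python
import unicodedata

# Assumption: the standard Android broadcast actions for "boots up" and
# "is unlocked"; the article does not name the two intents.
AUTOSTART_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.USER_PRESENT",
}
PLAY_STORE = "com.android.vending"  # installer package of the Google Play Store


def label_is_invisible(label: str) -> bool:
    """True when the label has no letter or digit a user could read."""
    return not any(unicodedata.category(ch)[0] in ("L", "N") for ch in label)


def triage(app: dict) -> list[str]:
    """Return the article's indicators that this app record matches."""
    hits = []
    if app.get("installer") != PLAY_STORE:
        hits.append("sideloaded")
    if not app.get("has_launcher_icon", True):
        hits.append("no-launcher-icon")
    if label_is_invisible(app.get("label", "")):
        hits.append("invisible-label")
    if AUTOSTART_ACTIONS <= set(app.get("receiver_actions", [])):
        hits.append("boot-and-unlock-autostart")
    return hits


def suspicious(apps: list[dict], threshold: int = 3) -> list[str]:
    """Packages matching at least `threshold` indicators."""
    return [a["package"] for a in apps if len(triage(a)) >= threshold]


# Constructed inventory records (hypothetical package names and fields).
INVENTORY = [
    {"package": "com.example.notes", "label": "Notes", "installer": PLAY_STORE,
     "has_launcher_icon": True,
     "receiver_actions": ["android.intent.action.BOOT_COMPLETED"]},
    {"package": "org.example.sideloaded.game", "label": "Game", "installer": None,
     "has_launcher_icon": True, "receiver_actions": []},
    {"package": "com.example.unknownapp", "label": "\u200b", "installer": None,
     "has_launcher_icon": False, "receiver_actions": sorted(AUTOSTART_ACTIONS)},
]

if __name__ == "__main__":
    for app in INVENTORY:
        print(app["package"], triage(app))
```

No single indicator is conclusive on its own (plenty of legitimate apps start at boot or are sideloaded), which is why the check only flags records that match several at once.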

At the moment, it appears that these adware apps are just showing ads but as Bitdefender notes in its report on the matter, their creators could change this “to redirect users to other types of malware, such as banking Trojans to steal credentials and financial information or ransomware”.

How to stay safe from adware apps

When it comes to staying safe from adware apps or other malicious apps, the main way you can protect yourself is to avoid sideloading apps.

While sideloading apps by installing them using an APK file may be convenient, you have no way to know whether or not these apps are legitimate. Unlike apps on the Play Store and on third-party app stores, sideloaded apps don’t undergo rigorous security checks and they could contain malware or other viruses.

Besides not sideloading apps, you also want to have one of the best Android antivirus apps installed on your Android smartphone as they constantly scan for malware and other threats. If you’re on a tight budget, Google Play Protect is free and comes pre-installed on the best Android phones. Like other Android antivirus apps, it also has the ability to scan both your existing and any new apps you download for malware or other viruses.

Now that Bitdefender has rolled out its new anomaly detection feature to its mobile antivirus app, we could potentially see other malicious apps discovered that up until now have been able to avoid detection.

Anthony Spadafora
Senior Editor Security and Networking
