This Google Play application can render your mobile phone useless with advertising

And the Android app store is still involved in controversy for hosting applications of dubious utility, no matter how much security they host. The latest case has been uncovered by the security provider Lookout and it affects nothing more, and nothing less, than 238 applications that were perfectly integrated into the Google Play Store repository and that contained adware inside (a program that displays, of course, automatic, invasive way). The set of applications have a total of more than 440 million downloads and the adware they contained was so aggressive that it rendered the user's mobile phone useless, preventing its normal use.

Almost 300 virus-infected apps in the Play Store

The name of this malware is BeitaAd and it is a hidden plugin that is hosted in Emoji keyboard apps, including TouchPal (which is still on the Google Play Store… not even! you happen to install it!). The 238 applications containing this malware are all developed by the same company, Cootek, located in China. Initially, the user would not see anything strange on their mobile after installing any of these applications. However, within a period between 24 hours and 14 days, his mobile would begin to receive left and right, the attack being so continuous that the user could barely use his phone without suffering interruptions. The ads appeared mostly on the lock screen. One user has stated that the ads appeared even during a phone call.

In the report offered by the security company Lookout it is said that the developers of these malicious applications tried, by all means, to make almost impossible to locate this programof . The first version of the infected applications included the program as an unencrypted dex file called beita.renc inside the component directory. In this way the user had it more difficult to know what was the origin of his problem. Subsequently, the malicious file was renamed, encrypting it using an advanced program called Advanced Encryption Standard. All aimed at hiding the 'BeiTa' file chain.

There was bad intention in the development of the applications

According to Kristina Balaam, a security intelligence engineer at Lookout, all of the apps that were tested that contained the adware were published by Cootek, and all of the Cootek apps that were tested contained the program.It appears that the continued effort by application developers to hide the plugin that contained the malware indicates that Cootek was aware of the problem it caused. However, there is insufficient evidence to attribute the BeiTa plugin to Cootek.

Lookout has reported the plugin's malicious behavior to Google, which removes the vast majority of infected applications. Today, however, the TouchPal application (the typical tool that provides functions added to your keyboard with emojis, stickers, etc.) is still active on the store. The continued occurrences of malicious applications within the Play Store expose the significant security gap affecting the Google store, leaving the user unprotected against cybercriminals.

Via | Ars Technica