Over 60K Android Apps Delivered Undetected Adware for Months

Malware concealed within fake security software, game cracks, cheats, free Netflix options, and other “modded” apps was delivered in a campaign primarily focused on US users.

Researchers have discovered that over a span of six months, more than 60,000 malicious Android apps have targeted users worldwide with adware. These apps were cleverly disguised as fake security software, game cracks, cheats, VPN software, the Netflix streaming app, and utility apps. These deceptive apps were predominantly distributed through third-party sites.

According to Bitdefender researchers, they recently uncovered a malicious campaign primarily focused on US Android users. They believe the campaign commenced in October of the previous year.

In a recent post, Bitdefender disclosed that the main objective of the campaign is to distribute adware to Android devices, generating revenue for malicious actors. However, they also warned that these actors have the capability to switch tactics, redirecting users to other forms of malware such as banking Trojans, which aim to steal sensitive credentials and financial information, or even ransomware. This warning highlights the evolving nature of the threat and the potential for more serious consequences beyond adware.

Researchers found 60,000 unique apps carrying the adware, and they suspect more apps are currently distributing the same malware.

The distribution of these malicious apps stood out due to its automated and “organic” nature. Users searching for specific app types would encounter the malware, reflecting a common trend in malicious app distribution. Typically, those affected are individuals seeking unlocked versions of paid apps.

According to the researchers, when users click on a website from a Google search for a “modded” app, they are subsequently redirected to a random ad page. Frequently, these pages masquerade as legitimate download pages, but in reality, they contain malware disguised as genuine downloads. This deceptive tactic exposes users to the risk of unknowingly downloading and installing harmful software.