Hidden Threats: 331 Malicious Apps on Google Play Store Exposed in Massive Ad Fraud and Phishing Campaign

Bitdefender uncovered "Vapor Operation," a massive ad fraud and phishing campaign involving 331 malicious apps with 60M+ downloads.

Bitdefender security experts discovered a large-scale ad fraud and phishing campaign known as the "Vapor Operation," which involved 331 fraudulent apps on Google Play. These apps, which were downloaded over 60 million times, managed to circumvent Android 13's security features. The campaign was originally spotted by IAS Threat Lab in early 2024, and it was linked to 180 apps that generated 200 million fraudulent ad requests every day. The malware has since spread to numerous app categories, such as fitness trackers, QR scanners, and note-taking applications.

Google has removed the discovered apps; however, Bitdefender's study indicates that 15 were available at the time of analysis. Aqua Tracker, Click Save Downloader, and Scan Hawk are among the popular apps, each with over a million downloads. The apps primarily served users in Brazil, the United States, Mexico, Turkey, and South Korea.

How the malware escaped detection

The attackers used a clever method to circumvent security barriers. Initially, the apps appeared to be legitimate ad-supported software. After installation, however, they received malicious components via remote updates. They also removed their icons from home screens, making them difficult to find. Some apps even imitated trusted apps, such as Google Voice. Infected devices displayed continuous full-screen ads, had their back buttons disabled, and, in some cases, users were duped into entering passwords on fake login sites.

To avoid such dangers:

  • Install applications only from trusted providers.
  • Check installed programs on a regular basis for suspicious behavior.
  • Use security solutions such as Google Play Protect.
  • Keep your Android and all programs up to date.
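One way to carry out the regular check of installed programs, given that these apps removed their home-screen icons, is to list user-installed packages that have no launcher entry. This is an added example, not code from the article or from Bitdefender; it assumes the icon hiding shows up as a package without a launcher activity, and the package names and command output below are constructed.

```python
import re

# Constructed sample of `adb shell pm list packages -3` (user-installed apps).
SAMPLE_PACKAGES = """\
package:com.example.notes
package:com.example.qrscan
package:com.example.keyboard
"""

# Constructed, simplified sample of:
#   adb shell cmd package query-activities --brief \
#       -a android.intent.action.MAIN -c android.intent.category.LAUNCHER
SAMPLE_LAUNCHERS = """\
priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
com.example.notes/.MainActivity
priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
com.android.settings/.Settings
"""

COMPONENT = re.compile(r"^\s*([A-Za-z0-9_.]+)/\S+\s*$")


def parse_packages(text):
    """Package names from `pm list packages` output lines ("package:<name>")."""
    return {line.split(":", 1)[1].strip()
            for line in text.splitlines() if line.startswith("package:")}


def parse_launcher_packages(text):
    """Packages owning at least one launcher activity ("<pkg>/<activity>" lines)."""
    return {m.group(1) for line in text.splitlines()
            if (m := COMPONENT.match(line))}


def hidden_candidates(packages_text, launchers_text, allow=()):
    """User-installed packages with no launcher entry, minus a reviewed allowlist.

    Keyboards, widgets and plugins legitimately have no icon, so the result
    is a triage list for manual review, not a verdict.
    """
    installed = parse_packages(packages_text)
    visible = parse_launcher_packages(launchers_text)
    return sorted(installed - visible - set(allow))


if __name__ == "__main__":
    for pkg in hidden_candidates(SAMPLE_PACKAGES, SAMPLE_LAUNCHERS):
        print("no launcher icon:", pkg)
```

Feed the two functions the real output of the commands named in the comments, and review each reported package in Settings before uninstalling it.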

Despite Google's steps, users must remain attentive to avoid becoming victims of such cyberattacks.

This article is based on information from India Today