Google Play another collection of malicious apps with hundreds of millions of installations. Worst of all, these programs make mobile devices almost unusable, Lookout said.
The list, according to the researchers, includes 238 apps with a total of 440 million installs. Among them is the Emojis TouchPal keyboard. All applications were developed by the Shanghai company CooTek.
The BeiTaAd plugin was found in the application code, which, in the range of one to 14 days, began to download and display advertisements. Moreover, this happened even if the program was closed, and the smartphone is in βsleep modeβ. The worst thing is that these were video and audio clips.
The software developers are said to have gone to great lengths to hide BeiTaAd. In particular, its startup file was renamed. In earlier versions it was called beita.renc and is located in the assets/components directory. Now it has received a more neutral name icon-icomoon-gemini.renc. It was also encrypted using Advanced Encryption Standard, and the decryption key was additionally hidden.
Kristina Balaam, Lookout Security Engineer, said that malicious code was found in all applications, although given the methods of hiding it, it is not yet possible to unequivocally link CooTek and the use of BeiTa. The Chinese company and Google have not yet commented on this.
There is also no evidence yet that the apps will be removed from Google Play. Therefore, it remains only to advise users to be careful and not install CooTek applications until the end of the investigation.
Source: 3dnews.ru