Security researchers from Bitdefender have uncovered a large-scale ad fraud campaign involving 331 malicious apps on the Google Play Store. These apps, which have accumulated over 60 million downloads, exploit vulnerabilities in Android 13 to bypass security restrictions and carry out phishing attacks, ad fraud, and credential theft. The campaign remains active, with the latest batch of malware uploaded to the Play Store as recently as March 4, 2025.

The apps mimic utility applications like QR scanners, expense trackers, health apps, and wallpaper tools, making them appear harmless to unsuspecting users. Attackers have managed to bypass Android’s restrictions on launching activities without user interaction and on hiding app icons from the launcher, a behavior prohibited in newer Android versions. Worse, some apps attempt to collect sensitive user information, including credentials for online services and credit card details, through phishing attempts.

Google has proactively purged malicious apps from its platform, but attackers continue adapting their methods. With attackers exploiting loopholes in Android systems and employing sophisticated evasion techniques, users must remain vigilant when downloading apps, even from trusted platforms like the Google Play Store. Bitdefender recommends users avoid relying solely on default protections provided by Android and Google Play Store. As this campaign unfolds, it serves as a wake-up call for both users and developers to prioritize mobile security measures to combat increasingly complex threats.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 18 Mar 2025 14:15:17 +0000