Adware – a form of unwanted software that displays ads to users – has been one of the most popular not-a-virus threats for years. The monetization methods used in such software can pose a threat to users, and yet bring in more revenue for developers due to greater viewership, with the latter adapting new techniques in order to make such ad modules harder to detect by both users and cybersecurity technologies. While threats that target mobile users are usually distributed through various infected websites or unofficial app stores, income from such activities is appealing, leading to developers trying to expand the number of potential victims they can target. As a result, these applications are at times able to get onto official app stores, as was the case with the samples found by Kaspersky.
Recent discoveries have indicated there has been a potential rise in this method being used. Kaspersky researchers found three applications with inserted adware modules available on official marketplaces. One of them, a popular interactive questionnaire with millions of downloads, used a post-installation delay before showing ads that the researchers have also seen in other adware applications. This long delay from installation of the application to the first advertisement appearing made it much harder for the user to find the culprit for all the ads that suddenly appeared on the screen. This technique is frequently used to trick automatic protection mechanisms, such as sandboxes in app stores. The developer of the interactive questionnaire application promptly removed the adware module once informed.
Other analyzed applications account for almost a 100 million downloads. While carrying out their main functionality, they are also sending users half-screen ads as soon as the smartphone is unlocked, regardless of whether the app is running or not. At the time of this publication, developers of both of these apps have been contacted and have not responded to the requests to remove adware modules.
The spread of adware is not always carried out on purpose, and even legitimate applications can be vulnerable and end up spreading unwanted advertising without their knowledge. Most often this is due to of the use of advertising software development kits (SDKs) and lack of testing an integrated advertising library. As a result, adware modules sneak into the final code of applications.
“Nowadays we heavily rely on our phones. We work, share personal information and watch entertainment – all on our mobile devices. Obviously, this attracts adware creators’ attention. The problem here is that adware does not create usability inconveniences that frustrate users; it also – with improperly developed SDKs – could result in data leakages. As an additional way of monetization, developers of those SDKs may profit from selling user data relevant for targeting purposes to third parties to customize ads they are showing to users, without their permission. Every user has their digital comfort zone and relying on their own device nowadays is more important than ever,” comments Igor Golovin, security expert at Kaspersky. “Considering the new techniques used by developers to stop users detecting adware, I strongly advise using a reliable mobile security solution that will be able to stop such applications from invading users’ lives”.
To protect yourself from adware Kaspersky recommends:
- Promptly removing an application that is acting unusually and displays unwanted advertising;
- Always check application permissions before installing the application to see what they can access and do on a device;
- Use of a reliable mobile security solution, such as Kaspersky Internet Security for Android, that can help detect a variety of threats, including adware
About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
© Press Release 2020
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.
