Cybersecurity researchers at the mobile security firm Lookout recently found out that 238 apps on the Google Play Store were infected with dangerous adware called BeiTaAd which was created by one Chinese development studio. Surprisingly, Google didn’t detect BeiTaAd on its own and Lookout had to inform Google about the app infections.
“BeiTaAd is a well-obfuscated advertising plugin hidden within a number of popular applications in Google Play. The plugin forcibly displays ads on the user’s lock screen, triggers video and audio advertisements even while the phone is asleep, and displays out-of-app ads that interfere with a user’s interaction with other applications on their device.”
Lookout informs that the BeiTaAd plugin is never installed on a device, preventing it from appearing as an installed package on an infected device and it is only possible to remove BeiTaAd by uninstalling the affected application. Some of these ads would trigger audio and video at random times, interrupting phone calls or waking the user up in the middle of the night. However, as of May 23, all 238 applications that had been compromised by BeiTaAd have either been removed from the Google Play Store or have been updated to versions without the offending plugin. Lookout stated:
This BeiTaAd plugin family provides insight into future development of mobile adware. As official app stores continue to increase restrictions on out-of-app advertisements, we are likely to see other developers employ similar techniques to avoid detection.
This could now result in adware becoming the norm for app developers looking to monetize their apps in increasingly more complex ways. With BeiTaAd, Android has a major problem on its hands.