55 Million Users infected with Adware in 50 Apps of Google Play Store

Around 50 Million Users infected with adware named XavirAd was detected on plenty of apps in the Play Store. The adware displays annoying ads to users who had their devices infected and collects personal information that gets sent to a remote server.

One of the ad is Add Text on a Photo that is extremely popular. This kind of ads are responsible for it. In that, users will have a full-screen ad popping up at regular intervals, even if the infected app is closed. These ads will direct you to install other apps.

Security firm named Sophos researchers said:

“XavirAd can do more than just popping up ads. Once the app is started, the XavirAd library contacts its server and gets the configuration code. The server responds with advertisement settings including full screen ad intervals, and saves them in shared preferences. The domain api-restlet.com registered for this purpose appears to be a year and a half old, with origins in Vietnam.”

Infected apps help users capture screenshots, take selfies, install themes and wallpapers or create video slideshows. Google has yet to remove all the apps, so you may want to be careful about the apps you install on your device in the meantime.

Here are some infected Apps which is present is Google Play Store.

What Adware do?

Adware downloads .dex file from cloud.api-restlet.com which collects data from the user’s phone, including the email address for the Google account, list of installed apps, IMEI identifier, and android_id, screen resolution, manufacturer, model, brand, and OS version, SIM operator and app installation source. The data is encrypted and sent to a web address.

How to stop this Adware?

If the user has an email address that contains several strings, it will stop the action so it doesn’t ring the alarm about itself. @google.com, @facebook.com, gplay, and review are a few of the strings that will get the adware to stop.

Leave a Reply

Your email address will not be published. Required fields are marked *