Cybersecurity experts from Bitdefender have uncovered a significant ad fraud scheme involving over 300 Android applications, which collectively garnered more than 60 million downloads from the Google Play Store. These applications, masquerading as benign utility tools such as QR scanners, expense trackers, and health apps, primarily targeted users with older Android versions (Android 13 and earlier).
According to the findings, most of these apps first appeared on the Google Play Store in the third quarter of 2024. As of the completion of Bitdefender’s research, only 15 of the identified apps remained active. The majority of affected users are located in Brazil, with additional victims in the United States, Mexico, Turkey, and South Korea.
Upon installation, these deceptive applications would conceal their icons from the device’s launcher—a tactic only feasible on older Android systems. While retaining some functionality, the apps displayed intrusive ads over other applications, often without user consent. Alarmingly, some of these apps attempted to harvest sensitive information, including user credentials and credit card details. Certain applications even managed to initiate themselves without any user interaction, a capability that should not exist on Android 13.
Although the majority of these harmful apps have been removed from the Play Store, individuals who still have them installed on their devices remain vulnerable. Signs of compromise may include unusual device behavior such as lagging, excessive ad displays, overheating, or unexpected data usage while idle. Users are advised to promptly uninstall any suspicious applications or those that are not actively in use.
To enhance security, it is recommended to operate on the latest version of Android, which is currently Android 15, with further updates anticipated in 2025.
