When you think of malware, it's understandable if your mind first goes to elite hackers launching sophisticated campaigns. But unless you are being targeted by nation-states or advanced crime syndicates, you are unlikely to face that ultra-technical threat yourself. Ordinary malware, on the other hand, is rampant. And the type you are most likely to encounter is adware.
In your daily life, you might not think much about adware, software that illicitly smuggles ads into your applications and browsers as a way to generate fraudulent revenue. Remember pop-up ads? It's like that, but with special software running on your device, instead of malicious web scripts, serving up the ads. Advertisers often pay based on impressions, the number of people who load their ads. So scammers have realized that the more ads they can push at you, the more money they collect.
Ad It Up
Your smartphone offers attackers the perfect environment for deploying ad malware. Attackers can distribute adware-tainted applications through third-party application stores for Android and even sneak adware-laden applications into the Google Play Store or Apple App Store. They can reach millions of devices quickly, lurking on your cellphone, for example, while their servers spit out ads that run in the background of your device or right on the screen. It does not require complicated hacking techniques. It doesn't try to steal your money. At worst, it makes your device a little slower or forces you to close some unexpected ads. Adware may be on your cellphone right now.
"With adware – which in my opinion is one of the boldest types of malware on the cellular front – we can see that the principals are basically following the money," said Aviran Hazum, leader of the analysis and response team at security firm Check Point. "Many victims will pay a ransomware ransom, or attackers can gain access to bank accounts, but that possibility is relatively low compared to the amount of money they can make by displaying advertisements. More viewers, more adware, more income."
Lily Hay Newman covers information security, digital privacy, and hacking for WIRED.
Strains of adware routinely infect tens of millions or even hundreds of millions of devices at once. Although adware detections have declined year over year, security company Malwarebytes still ranked it as the most common type of consumer malware in 2018. Check Point published findings last week on one example, dubbed Agent Smith, which infected more than 25 million Android devices around the world. Fifteen million of them are in India, but Check Point also found more than 300,000 infections in the US.
Check Point saw signs that attackers began developing the Agent Smith adware in 2016 and have been refining it since. Distributed mostly through the third-party Android application store 9Apps, the adware was initially a clumsier type of malware that disguised itself as a legitimate application but requested a number of suspicious device permissions to run and displayed many annoying advertisements.
In spring 2018, Agent Smith evolved. The attackers added another malware component so that after the adware is installed, it searches through the device's third-party applications and replaces as many as possible with malicious decoys. The initial malware arrives in applications such as bad games, photo services, or sex-related applications. But once installed, it disguises itself as a Google update utility – like a fake application called Google Updater – or an application that pretends to sell Google products, to have a better chance of hiding in plain sight.
Agent Smith also infiltrated the Google Play Store during 2018, hidden in 11 applications that contained a software development kit related to the campaign. Some of these applications had a total of 10 million downloads, but Agent Smith's functionality was dormant in them and may have represented a next step the actors were planning. Google has removed the tainted applications.
Check Point's Hazum points out that the actors behind Agent Smith also overhauled their infrastructure in 2018 and moved their command and control framework to Amazon Web Services. This let the attackers expand features such as recording and more easily monitor analytics such as download statistics. Campaigns such as adware and cryptojacker distribution can often function on legitimate infrastructure platforms such as AWS, because it is difficult to distinguish their malicious activity from legitimate operations. In other recent adware campaigns, researchers have found innovations such as malware that takes advantage of smartphone display and accessibility settings to show invisible ads, which earn the attackers credit with an ad network without users ever seeing anything.
"You begin to see actors realize that ordinary adware alone won't do today," said Check Point's Hazum. "If you want big money, you need to invest in infrastructure and research and development."
It's an Ad, Ad, Ad, Ad World
Agent Smith is just one wave in a sea of big adware campaigns that affect hundreds of millions of users. For example, at the end of 2017, the adware known as Fireball infected more than 250 million PCs. Fortnite imitator applications began to spread adware on Android during the summer of 2018. And in April researchers found 50 adware-laden applications on Google Play that had been downloaded more than 30 million times. Almost every popular application spawns adware clones right away – even FaceApp.
Although adware is not always a direct threat to users, even when it is on their device, it opens the door for attackers to add other dangerous functions in the future that can harm user data or accounts. And adware can also be bundled with other types of malware, which can signal that a worse attack is coming.
"Especially for adware, there are many risks for users coming in applications that download extra items or direct users to other websites," said Ronnie Tokazowski, senior threat researcher at the e-mail security company Agari. "Many forms of adware are sold through the pay-to-install model, so the more things installed on end-user phones or PCs, the more actors get."
To avoid downloading adware in the first place, use the official app stores to download software, stick to mainstream applications as much as possible, and always double-check that you are actually downloading, say, the original Twitter application and not Twltter. To get rid of adware that might already be on your device, go through your applications and delete anything you don't use anymore, or any application that is very glitchy or full of advertisements, such as games or random utilities like flashlight applications. And if you want an outside opinion, you can download one of the leading adware scanners from antivirus companies such as Bitdefender, Malwarebytes, or Avast. Most offer free trials. But be careful about what you actually download – adware and other malware like to hide in applications that pretend to be adware scanners.
Adware is not the powerful and invasive malware created by nation-state hackers for special surveillance or intimidation. But it is the malware most likely to appear on your cellphone, which makes it the most important type to watch out for.
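The checks advised above (confirm the app is really Twitter and not Twltter, be wary of a stray "Google Updater", prefer the official store) can be sketched in a few lines. This is an added example, not part of the original article; the allowlist, the similarity threshold and the app inventory are constructed assumptions.

```python
from difflib import SequenceMatcher

# Assumptions for this sketch: a short allowlist of genuine apps (display name ->
# package ID) and the Google Play installer ID as the only official source.
GENUINE = {"Twitter": "com.twitter.android"}
OFFICIAL_INSTALLERS = {"com.android.vending"}
LOOKALIKE_THRESHOLD = 0.8  # similarity at which a different name counts as a near-clone


def review_app(label, package, installer):
    """Return the list of reasons an installed app deserves a closer look."""
    reasons = []
    for name, real_package in GENUINE.items():
        ratio = SequenceMatcher(None, label.lower(), name.lower()).ratio()
        if label.lower() == name.lower() and package != real_package:
            reasons.append(f"uses the name {name} but is not {real_package}")
        elif label.lower() != name.lower() and ratio >= LOOKALIKE_THRESHOLD:
            reasons.append(f"name is a near-clone of {name}")
    # Heuristic: a Google-branded label on a package outside the com.google.
    # namespace matches the disguise described above (a fake "Google Updater").
    if "google" in label.lower() and not package.startswith("com.google."):
        reasons.append("Google-branded label on a non-Google package")
    if installer not in OFFICIAL_INSTALLERS:
        reasons.append(f"installed from {installer or 'unknown source'}")
    return reasons


# Constructed inventory (label, package, installer); none of these values come
# from a real device or from the Check Point report.
INVENTORY = [
    ("Twitter", "com.twitter.android", "com.android.vending"),
    ("Twltter", "com.example.twltter", "com.example.thirdpartystore"),
    ("Google Updater", "com.example.updater", None),
    ("Flashlight", "com.example.flashlight", "com.android.vending"),
]


def audit(inventory):
    """Map each flagged app label to its reasons; clean apps are omitted."""
    found = {label: review_app(label, pkg, inst) for label, pkg, inst in inventory}
    return {label: reasons for label, reasons in found.items() if reasons}


if __name__ == "__main__":
    for label, reasons in audit(INVENTORY).items():
        print(f"{label}: " + "; ".join(reasons))
```

A flag here is a prompt to look closer, not proof of adware: preinstalled apps have no recorded installer, and some genuine Google apps use package names outside `com.google.`.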