ESET researchers found 42 Android applications on the Google Play Store, which were infected with adware. Applications had millions downloads. ESET gave the adware the name Ashas (Android / AdDisplay.Ashas).
The researchers, however, did not find them alone malicious applications. Achieved to identify their creator. This is a college student who lives in Hanoi, the capital of Vietnam.
According to the researchers, some of the applications did not have Ashas adware in their original versions. The student was making legitimate applications until he had some time thinking about running an adware business.
So he added adhesives code Ashas to his original applications, which resulted in ads appearing on victims.
Researchers say the Vietnamese developer did a very good job of hiding the origins of these ads. The advertisements appeared about 24 minutes after the infected application was opened and often displayed logos of other known applications.
Student applications have been on the Google Play Store since July at 2018. Until the time of the discovery by ESET, 21 applications were in store.
Although Google removed the apps, they are still available in third-party app stores companies.
Researchers have been able to identify the Vietnamese programmer because of a sudden change in his plans.
The student, as we said above, originally designed legitimate applications that were not adware-infested. For this reason she had not cared to hide it ID card of in early versions of applications.
The researchers were able to link them emails, which he used to register domains adware, with his own GitHub, YouTube, and Facebook accounts. ESET has published one report, in which she describes in detail how she got to the student.
It is not certain whether the student will be confronted with justice. The services law enforcement agencies don't usually deal with adware scams, and if they do, they deal with them hackers, stealing millions, not with small attacks.
Below you can see the adware-infected applications. If you still have any of these, remove it immediately from your device.