According to the researchers, a hacking team created at least 38 Android applications that bombarded their users with ads. In the most recent of these applications, the adware code had been modified and disabled in the source code, most likely to get past the Google Play Store's security scans during the application submission and approval process.
Hiding the malicious code was necessary because the group had tried to publish adware applications in the past without much success.
The campaign with the malicious Android applications started in January 2019
White Ops reports that the hacking team has been active since January 2019, when it started uploading malicious applications to the Play Store. Twenty-one of the team's thirty-eight malicious applications were uploaded to the Play Store during this initial phase.
All of the Android applications were beauty-themed (e.g., apps for taking selfies or apps with photo filters). Users who downloaded the apps were bombarded with ads and also had a hard time deleting them, because the applications hid their icons.
However, these applications were not very advanced. They passed Google's initial reviews, but were quickly identified as malicious.
According to White Ops, most of these Android applications stayed on the Play Store for about 17 days before being removed.
However, despite their short 'lifespan', most of these applications were downloaded by many users.
Change of tactics to hide the malicious nature of the applications
However, White Ops says the team has changed its tactics and adopted two methods to hide the malicious code of its applications.
The first method involves using Arabic characters in various parts of the applications' source code.
The second method involves the removal of malicious code. Since September 2019, the team has uploaded 15 beauty apps to the Play Store, all of them with their malicious functions turned off. This means that the Android applications are "technically" clean and legal, but the malicious code can be added again through an application update.
However, Google has removed all of the apps to make sure no more users are at risk.
According to White Ops, the 38 malicious Android apps have had more than 20 million downloads since January 2019. That's a pretty large number of users, although the hacking operation is not even very advanced.