Android Wallpaper Apps Found Running Ad Fraud Scheme (Dec 19, 2018)
Trend Micro researchers discovered at least 15 different fake wallpaper applications in the Google Play store that were secretly committing advertisement fraud. The applications were downloaded over 220,000 times, primarily in Germany, Italy, Taiwan, and the US. The fake applications promised aesthetically appealing wallpaper backgrounds and had several good reviews to appear legitimate. Once downloaded, the application decodes the Command and Control (C2) server address and mutes the entire process so the user does not detect it occurring. The application then sends an HTTP GET request to receive a JSON-formatted list with the feeds for the advertisements it intends to retrieve. The ads run in the background of the infected device and garner a profit for the threat actors who developed the applications.
Recommendation: All applications should be carefully researched prior to installing on a personal or work machine. Additionally, all applications, especially free versions, should only be downloaded from trusted vendors. If given an option between a "quick/express" installation or a "custom" installation, always choose the custom installation, as it is more likely to disclose other applications and programs being installed. If you are installing a desired application, check that you are getting the installer from the legitimate website and not a third-party installer. It is also recommended to have trusted antivirus software installed and to keep it up to date at all times.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.