- A piece of dangerous adware called BeiTaAd was discovered in 238 apps made by one Chinese studio.
- The adware triggered out-of-app ads relentlessly, including audio and video ads.
- Google didn’t discover the adware for months. Instead, Lookout discovered it and informed Google.
Security company Lookout recently found that 238 apps on the Google Play Store — all created by one Chinese development studio — were infected with a dangerous piece of adware called BeiTaAd. Collectively, these 238 apps had over 440 million installs.
Most alarmingly, Google didn’t detect BeiTaAd on its own — Lookout had to inform Google of the app infections. Thankfully, the 238 apps in question have either been removed from the Play Store or updated to a new version without the BeiTaAd infection.
Lookout’s blog post on the topic goes into specific detail of how it found out about BeiTaAd, how it works, and why it wasn’t detected. It’s very technical, but the basic gist of BeiTaAd is that it was incredibly obtrusive, in some cases rendering a smartphone to be essentially unusable.
The way it worked is that a user would install an app made by Chinese studio CooTek; for example, the keyboard app TouchPal, which has over 100,000,000 installs and 1.5 million reviews. Once installed, anywhere from 24 hours to 14 days later, BeiTaAd would start pushing system-level ads to the user, which means the ads appeared outside the app in areas like the lock screen.
Some of these ads would trigger audio and video at random times, interrupting phone calls or waking the user up in the middle of the night.
It’s quite alarming that BeiTaAd was so infectious and in so many popular apps and Google didn’t figure it out.
Curiously, the 238 apps in question all had code that concealed BeiTaAd’s presence very efficiently, according to Lookout’s research. Lookout couldn’t find any direct proof that CooTek put BeiTaAd there itself, but it does seem strange that the company went to great lengths to hide it in literally every app it had listed on the Play Store. It’s also very strange that BeiTaAd doesn’t appear in other apps by any other developer.
Anecdotal evidence shows that BeiTaAd had been active on the Play Store for around seven months before Lookout found it and reported it to Google.
As of now, it doesn’t appear CooTek has been severely reprimanded for this breach, as many of its apps, including TouchPal, are still active on Google Play. We’ve reached out to Google about this story but didn’t hear back before press time.
Usually, with security breaches such as this, the adware infects unpopular apps that only last on the Play Store for a short while before discovery. The fact that these apps had so many installs and lasted on the Play Store for months — and Google didn’t discover them on its own — is quite alarming. This should act as a reminder to always use caution when installing a new app on your phone, no matter how popular or well-reviewed it might be.
>> Source Link