For the past six months, more than 60,000 Android apps disguised as legitimate applications have quietly installed adware on mobile devices while remaining undetected.

According to cybersecurity firm Bitdefender, to date, it has discovered 60,000 completely different samples (unique apps) carrying the adware and suspects there is much more in the wild, reports BleepingComputer.

Started in October 2022, the campaign distributed fake security software, game cracks, cheats, VPN software, Netflix, and utility apps through third-party sites.

Mobile apps
Mobile appsIANS

Users in the US are primarily targeted, followed by South Korea, Brazil, Germany, the UK, and France.

Moreover, the report showed that the malicious apps are hosted on third-party websites in Google Search that push APKs, Android packages that allow users to manually install mobile apps, rather than on Google Play.

When users visit the sites, they will either be redirected to advertisements or prompted to download the app they are looking for.

Google, Android apps, fake, adware, Lukas
Lukas Stefanko, a renowned senior security researcher at ESET, has discovered 9 fake Android apps with adware detected on Google Play stpreLukas Stefanko/Twitter (screen-grab)

The download sites are specifically designed to distribute malicious Android apps as APKs, which, when installed, infect Android devices with adware, the report said.

Meanwhile, Google has removed 32 malicious extensions from the Chrome Web Store, totalling 75 million downloads, that could alter search results and push spam or unwanted ads.

The extensions included legitimate functionality to keep users unaware of the malicious behaviour, which was delivered in obfuscated code.

(With inputs from IANS)