Two weeks ago, FireEye discovered a new mobile threat which affected millions of Android apps - “Ad Vulna: A Vulnaggressive (Vulnerable & Aggressive) Adware Threatening Millions”.
FireEye, have done some follow up research into this threat to see how Google have reacted to the discovery as well as how users may still be affected if they do not update their apps. Below is the full analysis:
Update: Ad Vulna continues
Since our last notification to Google and Ad Vulna (code name for anonymity), a number of changes have happened to the list of impacted apps that we reported to Google and Ad Vulna. Note that all these apps had at least 1 million downloads each on Google Play. Also, we do not have specific information about the reasons that caused these changes; we are only reporting the facts of these changes that we have observed.
First, a number of these vulnaggressive apps and their developers’ accounts have been taken down from Google Play, including app developer "Main Games Mobile", "Itch Mania" and "Popadworld". The total number of downloads of these apps was more than 6 million before the take-down. Sadly, while removing these apps from Google Play prevents more people from being infected, the millions of devices that already downloaded them remain vulnerable.
Second, a number of apps from the list that we reported to Google and Ad Vulna have updated the ad library included in the app to the newest version, which fixes many of the security issues we found. Moreover, a number of other apps, such as “Mr. Number Blocker” with more than 5 million downloads, have simply removed the vulnaggressive ad library Ad Vulna. The total number of downloads of these apps before they were updated was more than 26 million. Unfortunately, many users do not update their downloaded apps often, and hence millions of users of these apps will still be vulnerable until they update to the latest version of the apps.
From our current analysis, there are still many other apps using the vulnaggressive versions of the ad library Ad Vulna on Google Play, with more than 166 million downloads in total. FireEye recently announced FireEye Mobile Threat Prevention. It is uniquely capable of protecting its customers from Ad Vulna and other vulnaggressive threats.
We are glad to see that security researchers, practitioners, and users worldwide are becoming more aware of the security risks brought by this new class of vulnaggressive threats after our last blog.