Security researcher Kristina Balaam of Lookout explained in a blog post how the adware had been installed by 440 million Android users.

Dubbed as BeiTaAd, the obfuscated advertising plugin was found hidden within a number or applications in Google Play.

Balaam wrote:

“The plugin forcibly displays ads on the user’s lock screen, triggers video and audio advertisements even while the phone is asleep, and displays out-of-app ads that interfere with a user’s interaction with other applications on their device.”

The persistent and pervasive nature of the ads displayed led to users being unable to answer calls or interact with other apps. The ads only became visible at least 24 hours after the application had been launched. Balaam noted that in one instance the obtrusive ads did not present themselves until two weeks after the application.

The plugin has now been removed from all the affected apps on the Play store.

Usman Rahim, digital security and operations manager at The Media Trust said:

“There is a very fine – and, one could argue, diminishing – line between adware and malware. They exhibit similar behaviours for disseminating content and techniques for avoiding detection and analysis.

“Adware can also be vulnerable, as there is little to no incentive for developers to patch up the flaw, and can leak data. In the wrong hands, adware plug-ins can be used to distribute malicious code to commit theft and fraud on millions of users. Companies that monetize their apps by featuring ads must thoroughly vet their vendors and continuously monitor what these vendors do to users. “

Balaam stresses that those responsible for the plugin went to great lengths to hide its existence.

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at

comments powered by Disqus