This is an update to our earlier blog “Ad
Vulna: A Vulnaggressive (Vulnerable & Aggressive) Adware
Since our last notification to Google and Ad Vulna (code name for
anonymity), we have noticed a number of changes to the impacted apps
that we reported to both companies. We summarize our observations
below, although we do not have specific information about the reasons
for the changes we are reporting.
First, a number of these vulnaggressive apps and their developers’
accounts have been removed from Google Play, such as app developer
“Itch Mania”. The total number of downloads of these apps
was more than 6 million before the removal. While removing these apps
from Google Play prevents more people from being affected, the
millions of devices that already downloaded them remain vulnerable.
Second, a number of apps from the list that we reported to Google and
Ad Vulna have updated the ad library included in the app to the newest
version, which fixes many of the security issues we found. Moreover, a
number of other apps, such as “Mr. Number Blocker” with more than 5
million downloads, have simply removed Ad Vulna. The total number of
downloads of these apps before they were updated was more than 26
million. Unfortunately, many users do not update their downloaded apps
often, and older versions of Android do not auto-update apps, so
millions of users of these apps will remain vulnerable until they
update to the latest version of the apps.
From our current analysis, there are still many other apps using the
vulnaggressive versions of the ad library Ad Vulna on Google Play,
with more than 166 million downloads in total. FireEye recently
Mobile Threat Prevention. It is uniquely capable of
protecting its customers from such threats.
We are glad to see that security researchers, practitioners, and
users worldwide are becoming more aware of the security risks brought
by this new class of vulnaggressive threats after our last blog.