If your Android phone has suddenly become slow, almost frozen and unusable, then you are on the right page. Recently, researchers from the security firm “Lookout” provided vital information about hidden adware carefully placed inside applications. These applications were already available on Google's online store, Google Play. The adware is intrusive enough to make devices almost unusable. Surprisingly, it has reached over 440 million installations by unaware users all around the world.
“BeiTaAd”, a malicious adware, and CooTek, the Chinese company responsible for it.
Lookout researchers discovered the Chinese adware under the name “BeiTaAd”; it takes the form of a plugin. Researchers found the plugin hidden in the emoji keyboard “TouchPal” along with 237 other applications. Lookout stated that CooTek was the company responsible for producing this malicious adware. CooTek is currently located in Shanghai, China. In total, 238 applications with over 440 million installations contained the plugin. The applications work perfectly normally for the first few days after installation. Then, after a delay of around 24 hours to 14 days, the BeiTaAd plugin starts to take action and distributes what we call “non-application advertising”. These ads appear all over the phone, usually on the user’s lock screen. Afterwards, it starts playing audio and video at random times, even when the phone is on standby or in sleep mode.
“My wife had enough of this issue. The phone shows random advertisements in the middle of phone calls. Sometimes the ads even show when she turns off the alarm clock or whenever she interacts with any app or function on her phone. It’s extremely difficult to find the source of this advertising, which makes it so annoying and renders her phone almost unusable,” one user wrote on an online forum in November, in a topic about BeiTaAd.
“Lookout” reveals the history and intentions of the BeiTaAd plugin.
“Lookout” stated that the developers of these 238 applications tried carefully to hide the plugin. The first versions of these applications integrated the adware as an unencrypted .dex file, renamed to “beita.renc”, in the properties / components directory. Renaming the file left users unable to identify the file responsible for executing the code.
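A defender's check for the hiding technique described above, as an added example that is not part of the original article or of Lookout's report: it scans an APK (a zip archive) for entries that carry the DEX file header but do not use a .dex name. It only covers the unencrypted case; the function names and the sample archive, including the exact entry path, are constructed for illustration.

```python
import io
import zipfile

# A DEX file starts with "dex\n", a three-digit version and a NUL byte.
DEX_MAGIC = b"dex\n"


def find_disguised_dex(apk_bytes):
    """Return [(entry_name, dex_version)] for DEX payloads not named *.dex."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            # Regular classes.dex files are expected; skip them and directories.
            if info.is_dir() or info.filename.lower().endswith(".dex"):
                continue
            with apk.open(info) as fh:
                header = fh.read(8)
            if (len(header) == 8 and header[:4] == DEX_MAGIC
                    and header[4:7].isdigit() and header[7] == 0):
                hits.append((info.filename, header[4:7].decode("ascii")))
    return hits


def build_sample_apk():
    """Constructed sample: a small zip standing in for an APK."""
    buf = io.BytesIO()
    dex_stub = b"dex\n035\x00" + b"\x00" * 104  # header-sized stub, no real code
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", dex_stub)                       # normal entry
        z.writestr("properties/components/beita.renc", dex_stub)  # renamed DEX
        z.writestr("res/raw/notes.txt", b"dex is only mentioned in this text")
        z.writestr("assets/short.bin", b"dex\n")                  # too short
    return buf.getvalue()


if __name__ == "__main__":
    for name, version in find_disguised_dex(build_sample_apk()):
        print(f"DEX v{version} stored under a non-.dex name: {name}")
```

A hit is a reason to look closer, not proof of adware: the check flags any executable code stored under a misleading name.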
Kristina Balaam, a security intelligence engineer at “Lookout”, wrote in an email: “Our analysis showed that CooTek and CooTek applications are the main responsible parties for all the applications containing the BeiTaAd plugin. The realization that the developers have tried their best to hide the plugins inside the application helped us discover that they are completely aware of the nature of this SDK issue.”
“Lookout” reported BeiTaAd’s behavior to Google. Google then started to remove the applications from Play, or to update them after the plugin had been removed. Despite the hidden nature of this violation, there is no indication that CooTek will receive a ban or a penalty, even though it violates Google Play terms on such a large scale.
All Android users should be very wary of Google Play and careful about downloading these infected applications, at least until Google takes action to control the availability of malicious and abusive applications on its online store.