India and Vietnam most hit by Android malware

Android malware continues to target mobile devices around the world. According to ESET Research, India and Vietnam are ranked among the top five countries globally to be hit by Android/FakeAdBlocker malware. Apart from that, Vietnam is the country with the most android malware attacks in the Asia Pacific (APAC) region.

With a population of 1.36 billion people, India is estimated to have over 760 million smartphone users in 2021. While iOS (Apple operating system) devices are available in the subcontinent, Android OS dominates the industry, making up 95.79% of the users. The affordability of Android mobile phones, especially through locally made Indian phone models makes it easier for anyone in the country to own a smartphone today.

Vietnam has one of the fastest-growing economies in the ASEAN region. With fast growth, increased tech usage has also seen more mobile devices enter the market. There are 61.3 million smartphones in Vietnam, making the country among the top 10 users of smartphones after China, India, Indonesia, and Japan.

As such, the increased penetration of mobile devices also leads to increasing cybersecurity concerns. Mobile devices are vulnerable to cyberattacks and continue to be targeted by cybercriminals, and can be easily affected by malware via apps, emails, and even text messages.

Trojan Android malware invites financial ruin

Android/FakeAdBlocker is an extremely stealthy trojan. Masquerading as an ad blocker for Android mobile devices, it installs adware and possibly other malware when users looking for a legitimate adblocker install them from third-party sites or app stores.

The malware usually hides its launcher icon after the initial launch. Not only does it deliver unwanted scareware or adult-content advertisements, but it also creates spam events for upcoming months in iOS and Android calendars. These ads often cost victims money by sending premium-rate SMS messages, subscribing to unnecessary services, or downloading Android banking trojans, SMS Trojans, and malicious applications. The malware also uses URL shortener services to create links to ads, which in some cases monetize their clicks.

“Based on our telemetry, it appears that many users tend to download Android apps from outside the Google Play store, which might lead them to download malicious apps delivered through aggressive advertising practices that are used to generate revenue for their authors,” explains ESET researcher Lukáš Štefanko, who analyzed Android/FakeAdBlocker.

Commenting on the monetization of the shortened URL links, Lukáš adds, “When someone clicks on such a link, an advertisement will be displayed that will generate revenue for the person who generated the shortened URL. The problem is that some of these link shortener services use aggressive advertising techniques such as scareware ads informing users their devices are infected with dangerous malware.”

The concern is greater for users of Android devices. Scam websites may provide malicious apps to download from outside the Google Play store. For example, the website requests to download an application called “AdBlock,” which has nothing to do with the legitimate application and indeed does the opposite of blocking ads. Instead, a scareware advertisement, or the Android/FakeAdBlocker trojan, is delivered via a URL shortener service.

Top 10 countries with Android/FakeAdBlocker detections (January 1, 2021 – June 1, 2021) Source: ESET Research

Cybercriminals target vulnerable communities

According to McAfee Advanced Threats Research’s Mobile Threat Report 2021, hackers are also using fake apps and hiding malware and malicious links inside fake covid-19 vaccination appointments and registration display ads.

When victims click on these links and ads, they end up having malware downloaded onto their devices. The malware may activate accessibility features to give the hackers full device control, which can allow them to steal banking details and credentials.

In India, McAfee researchers also found evidence of an SMS worm targeting Indian consumers. This is believed to be one of the earliest organized vaccine fraud cyberattack campaigns, where both SMS and Whatsapp messages encouraged users to download a vaccine app. Once downloaded, the malware in the app will continue to display unwanted and fraudulent ads to users and send itself to everyone in the victim’s contact list.

In a large country like India, where access to vaccination is an issue, many are desperate to get appointments, making them particularly susceptible to cyberattacks.

In 2020, Vietnam recorded a US$400 million increase in investments, proving well that the nation could rival Indonesia as Southeast Asia’s growth market for tech investments. As such, cybersecurity is also becoming more important in the country with more businesses increasing their security investment.

While malware like Android/FakeAdBlocker continues to be a growing concern in both these countries, businesses and users can take the necessary steps in securing their devices. Common security practices should be enforced including downloading software from reliable sources only and not simply clicking on links.