14 DAY TRIAL // A new type of adware using precision targeting has been found in apps across Google Play. Dubbed "Skinner," this new adware was found in an app providing game-related features.
According to researchers from Check Point, the app was downloaded by over 10,000 users, hiding from Google's heavy scrutiny for two months. After its discovery, Google was informed, and the app vanished from the app store.
It seems the adware can track the users' location and actions, executing malicious code without the user's permission. Adware isn't exactly a new type of threat against users, but Skinner comes with new tactics to evade detection and maximize profits by targeting users with "unprecedented prevision."
What's Skinner?
Researchers explain that the malware contains a malicious library. Once unpacked, Skinner hides the malicious components of the code to avoid detection. Once the malware detects a user activity, which includes opening an app, the malicious activity begins.
The tool checks a number of conditions before launching, such as a connected debugger, or an emulator hardware in order to evade detection by researchers and security tools.
The malware sends data about the phone and the user to its C&C server, including the location and running apps, requesting ads to display.
"Skinner uses an advanced logic to display illegitimate ads to the user, without raising his suspicion, and raise the probability he will click on them. Instead of simply displaying any ad, the malware checks which type of app the user is using at a given moment and displays a suitable ad. This is a completely new behavior for a mobile adware," researchers explain the malware's unique behavior.
The ads display for four app categories - navigation apps, caller apps, utility apps, and browser apps.
Regularly, Adware relies on mass spread to generate large profits. Skinner, however, focuses on the users' habits and the apps it uses to increase the click chances, while also minimizing the risks of being caught.