The Vietnamese student who was behind a dangerous Android adware

Thanks to the company's research cybersecurity specialist ESET, the person responsible for several malware which had infected terminals nearly 8 million times under the system Android, has finally been found.

In fact it was a Vietnamese student. He was located alive in Hanoi. apparently it would be the origin of about 42 Android apps that would have been downloaded from Google's official store, the Play Store. All the software he would have created has been installed about 8 million times. And they all contained, according to ESET experts, a strain of Android malware that they dubbed "Ashas" (for Android/AdDisplay.Ashas).

This article will also interest you: Apps on Google Play Store are starting to get infected with porn and malware

The cybersecurity company also pointed out that not all of these counted applications are highly aggressive advertising-type malware. Apparently the program would have been incorporated much later after the creation of its applications.

The publisher in question had decided to switch to the development of advertising application instead of this legitimate application that it had begun to develop. This is where the latter began to update its existing applications on the Play Store with the Ashas advertising program. And its program worked by allowing ads to be displayed on the screen across open apps.

But the cybersecurity company acknowledges that this young developer still did a good job. indeed it was able to hide the origins of the advertisements thus preventing it from being traced back. apparently the program works in such a way that the advertisements appeared 24 minutes after coming into contact with the infected app. In addition, the ads appear under the banner of other applications that suggest that it came from it. The cybersecurity company's investigation showed that since July 2018, the young programmer had managed to create and download these 42 apps from the Google Play Store accompanied by his Ashas program, 21 of which would still be in a position to be downloaded from Google's store. "We reported the apps to Google's security team and they were quickly removed (…) However, apps are still available in third-party app stores. »

What surprised the ESET team, however, was that the young student had not taken care to conceal his identity. which explains how did the company's experts locate it so easily. this is surely due to the fact that he first started publishing applications specific to him at a time when he had no intention of switching to illegality. As a result, he did not hide his identity before publishing it. and once the updates were initiated in order to introduce the malware code, it failed to make itself anonymous. it was already too late. and so the cybersecurity company to easily link the emails it had registered for advertising domains and other personal accounts on Github, Facebook and YouTube.

But beyond this, there is a good chance that there is no real legal problem against this young student. Indeed, it is rare for small advertising fraudsters to be prosecuted by the authorities who see this as a waste of time.

Now access an unlimited number of passwords: