Cybercriminals frequently using Play store to upload malicious apps that often delivering malware and committing ads frauds.
Italy, Taiwan, the United States, Germany and Indonesia with the most infections records by this malicious wallpaper apps.
These Android apps are providing attractive wallpapers that contain highest reviews which is identified as fake review to gain the more trust from users.
Android Malicious Wallpaper Apps Infection process
After the app launched an HTTP GET request is communicated to the C&C for a JSON-formatted list.
According to Trend Micro “The apps then get the advertising ID from Google Play Services the and replace some parameters in the URL, ANDROID_ID with the advertising ID, replace BUNDLE_ID with the fraudulent app’s package name, replace IP with the infected device’s current IP, and more. After replacement, the URL
Once URL loads, apps begin to simulate clicks on the ad page The cybercriminals profit through the parameters’ value replacement. IDs provided by Google for Android developers such as the advertising ID, advertiser ID, and device ID are anonymous identifiers specific to users to monetize their apps. Researchers said.