📃Title: Hidden Google Play Adware Drains Devices and Disrupts Millions of Users
📅Date: 2025-11-24
🔗References:

Description

A large-scale Android adware campaign dubbed ‘GhostAd’ has been uncovered, affecting millions of users primarily in East and Southeast Asia. The campaign involved multiple apps on Google Play that appeared harmless but created persistent background advertising engines, draining device resources and disrupting normal phone use. These apps used foreground services, job schedulers, and continuous ad refreshing to maintain their presence even after users closed the apps or rebooted their devices. The adware integrated multiple legitimate advertising SDKs but violated fair-use policies by continuously loading ads without user interaction. Users experienced battery drain, reduced performance, and difficulty in removing the apps. Google has since removed the identified apps from the Play Store and disabled them via Google Play Protect.

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • producer Check-Point
  • target-information="Malaysia"
  • target-information="Pakistan"
  • target-information="Philippines"
  • mitre-attack-pattern=['T1475', 'T1541', 'T1472']

MISP event uuid: 8880426c-4970-4b04-b4c3-528c8e3e1eec

Indicator of Compromise (IoCs)

type,value,comment

Full IOCs available in Rectifyq's MISP