- The new variant of the adware has been found to be delivered via apps from a third-party app store named Uptodown.
- By disguising itself as apps, the malware becomes less susceptible to detection by anti-malware vendors.
A new variant of BatMobi adware has been doing the rounds lately. This new variant of the adware has been found to be delivered via apps from a third-party app store named Uptodown.
What’s the matter - According to researchers from Malwarebytes, the new version of BatMobi arrives in the form of apps that download videos from YouTube, such as Videoder, Video Downloader, Snaptube, and TubeMate. By disguising itself as apps, the malware becomes less susceptible to detection by anti-malware vendors.
Based on a Reddit post, this new version of BatMobi was first observed on January 21, 2019, and is known as Android/Adware.BatMobi.
How it can be triggered by Google Play - Researchers noted that the new BatMobi variant displayed pop-up ads whenever an app was being updated or installed in Google Play. It leveraged Chrome Custom Tabs to open websites whenever it was triggered by these events. Although these websites are relatively safe, experts claim that they are an unwanted nuisance for the user.
Mi Mobiles are the worst affected - Upon further investigation, it was found that the adware was primarily distributed via pre-installed apps on Mi Mobile devices, specifically, the Xiaomi Redmi Note 5. The infected apps are:
- Package name: com.mi.android.globalpersonalassistant
  App name: App vault
- Package name: com.android.providers.downloads.ui
  App name: Downloads
Researchers claim that not all versions of the apps, and not all Xiaomi Redmi Note 5 devices, are infected by the new version of BatMobi adware.