BeiTaAd, a highly-intrusive adware plugin that displayed advertisements on smartphone lock screens and triggered video and audio advertisements even while the phone was asleep, was discovered in as many as 238 unique applications on the Google Play Store.
The 238 applications on the Google Play Store that feature BeiTaAd plugin enjoyed over 440 million installations and were published by CooTek, a Shanghai-based mobile internet company that recently got listed on NYSE.
The most popular among these apps is the TouchPal keyboard app that has been downloaded over a hundred millions times on the Google Play Store. Apps published by CooTek also include a number of very popular health and fitness apps that have been downloaded by millions of Android device users as well.
According to security researchers at Lookout, the BeiTaAd plugin was first introduced in 2018, is encrypted using Advanced Encryption Standard (AES), and piggybacks on popular Android apps published by CooTek on the Google Play Store.
It is difficult for the lay user to detect BeiTaAd as it is never installed in the device and is not listed as an installed package. For the same reason, a user cannot get rid of the plugin until the user uninstalls the entire application from his/her device.