Ad modules are appearing in popular Android apps on Google Play. The modules can show ads whether the app is running or not, causing a nuisance for the user. The module connects to the C&C servers, whose addresses are encrypted in the app code. This technique is frequently used by cybercriminals to trick automatic protection mechanisms, such as sandboxes in app stores. We passed our findings to the app developers, who promptly removed com.haskfm.h5mob.com’s ad module.”]
Source: https://securelist.com/in-app-advertising-in-android/97065/