Avast analyst Jakub Vávra talked about how he and his colleagues found 21 malicious applications containing HiddenAds ad malware in the official Google Play Store.
HiddenAds was first discovered in 2019. The malware is a classic adware and specializes in displaying a huge number of intrusive ads, opens promo pages or pages with a large number of ads in victims’ mobile browsers.“Nearly all of the detected apps (see the full list here) mimicked various popular games, and the hacker group behind this campaign actively used social media ads and other marketing moves to attract as many users as possible to their ‘products’”, – said Jakub Vávra.
Obviously, this worked, since in total the applications were downloaded about 8,000,000 times.
After the victim installed any of these “games”, HiddenAds immediately hid the application icon (to make it harder for the user to uninstall the application in the future) and then began bombarding the victim with ads.
The researchers note that six malicious apps have not yet been removed and are still available on the Google Play Store. They are Shoot Them, Helicopter Shoot, Find 5 Differences – 2020 NEW, Rotate Shape, Cover art Find the Differences – Puzzle Game, and Money Destroyer.
Considering that such adware in general and HiddenAds in particular are often found in the official app store, Vavra once again urged users to be more careful.
“Users need to be vigilant when downloading applications to their phones. They are advised to carefully check the profile of the application, reviews, and also be careful when the application requests multiple permissions on the device”, — writes the expert.
Vavra also notes that such malware often masked as games and may targeted children, therefore, in his opinion, parents should pay more attention to information security issues and tell their children about malware and other online threats.
Let me remind you that just recently I talked about the interesting malware GravityRAT, which has increased its malicious potential with versions for Android and MacOS.