Avast has discovered an impressive HiddenAds campaign, or unwanted advertising hidden in 47 applications on the Google Play Store. The campaign uses a family of Trojans disguised behind popular online games, which actually only serve to display unwanted ads.
Once the app is downloaded, a timer is started which authorizes the user to play for a certain period of time. Once the time is over, the app starts showing unwanted advertisements, also managing to steal personal information, geo locate the user and more.
The app can still be uninstalled via the device management features, but it requires the user to search for the source of the ads.
The discovery of 47 malicious apps. The identifying factors of the campaign
The initial detection by the Avast researchers was carried out thanks to the comparison of this campaign with a previous one of the same type, always present on the Play Store.
After further analysis via apklab.io, Avast researchers were able to identify a larger campaign involving 47 applications.
It has been possible to confirm that this is a unique HiddenAds campaign thanks to the negative reviews on the Play Store that confirm that these apps disrupt the user experience. Furthermore, these apps manage to hide their icon on the device and allow the display of external ads.
Another identifying factor of the malicious campaign is that the developer has only one app and a generic email address on their official profile.
Likewise, the terms of service are identical between detected apps, possibly indicating a campaign run by a single developer.
The discovery of 47 malicious apps. Expert advice to avoid falling into the trap
To avoid downloading malicious apps from the Play Store, it is good to follow these four simple steps:
Carefully check the permissions required by the app before installing it – if the app asks for data it doesn’t need, it could be a sign that something is wrong.
Check user reviews: If there are a large number of negative comments, it is good to reconsider downloading the app.
Download an antivirus on your mobile device so that adware and other malicious apps are identified and blocked.