Researchers at Avast discovered in the Google Play Store, 47 applications that disguised themselves as games and contained Trojans of the HiddenAds family. In total, the applications found were downloaded more than 15 million times, and this campaign is currently the most common in Brazil, India and Turkey.
Experts have already reported the problem to Google, but so far some applications are still available on the Google Play store, as the investigation is still ongoing. All applications have low gaming capabilities and a low rating: users complain about constant advertising.
Typically, applications with HiddenAds trojans disguise themselves as safe and useful, but in reality they only bombard users with intrusive ads that appear outside of applications. In addition, such applications can hide their icons on an infected device, and 7 out of 47 applications found can also open a browser on a smartphone to display additional ads. Even when the user removes the problematic application from his device, the advertisement will still continue to be displayed.
Avast Analysts Detected This Campaign With apklab.io, based on a previous HiddenAds campaign recently seen on the Google Play Store. Researchers compared the actions, features, and network traffic of these applications.
“Campaigns such as HiddenAds can infiltrate the official Google Play Store, hiding their true purpose or slowly introducing malicious features (only when already downloaded to the device). Such campaigns are difficult to prevent because attackers use one-time developer accounts for each application, ”says Jakub Wavra, a threat analyst at Avast. –– Although Google is a trusted store and regularly removes malicious applications, users still need to remain vigilant. When downloading new applications to your devices, it is important to watch so that there are no obvious signs of a bad application, for example, negative reviews, requests for a large number of permissions, and much more. ”
A list of the 20 most downloaded applications with HiddenAds can be seen below.