Researchers discover HiddenAds malware in a dozen Android apps that were distributed on the Google Play Store

Aug 1, 2022
Google Android

Researchers at McAfee have discovered that a dozen Android apps, that were distributed on the Google Play Store, had been pushing malicious ads to users. Here's what happened.

HiddenAds malicious apps on Google Play Store

HiddenAds malware in Android apps

This isn't your average malware, it's very sneaky. Once a user downloads such an app onto their Android phone, they don't even have to run it. The malware creates some services that run in the background. It changes its name and icon in the app drawer to represent apps like Setting or Google Play.

Researchers discover HiddenAds malware in a dozen Android apps that wer eon the Google Play Store

The services that the malicious app creators begin displaying ads constantly on the phone. The screenshots show what seems to be interstitial ads (full screen), with various buttons, including a fake warning that the device is at risk. These are just ways to get the user to download another app.

hiddenads malware ads fullscreen

It turns out that the creators of the malware apps used Facebook ads, which contained a link to the Play Store, to make the app appear authentic. The data from McAfee shows us that several users fell for the trick, many of these apps had over 1 Million downloads. The majority of these users were from South Korea, Japan, and Brazil.

The research article (spotted by Bleeping Computer), also explains how the malware works. It uses the Contact Provider, the ContactsContract and Directory class. This Directory class contains special metadata in a manifest file. This data can be recognized by the Contact Provider, which developers can use to create a custom directory, and to transfer data between the device and online services.

When an app is installed or replaced, Contact Provider checks its metadata. This is where the HiddenAds malware's code is stored, and it gets executed after an app is installed/replaced. Using this, it creates a malicious service to push ads. This service automatically starts even if it has been killed. Then it disguises the app by renaming it and changing its icon.

System Cleaner apps, battery care apps, optimizers are very popular on Google Play. They don't need such apps, they do nothing to improve your device's performance, but most users don't know it. They read the title, or whatever fake stuff that is in the description, and download it blindly.

Here is a list of the apps that had the HiddenAds malware.

  1. Junk Cleaner
  2. EasyCleaner
  3. Power Doctor
  4. Super Clean
  5. Full Clean
  6. Fingertip Cleaner
  7. Quick Cleaner
  8. Keep Clean
  9. Windy Clean
  10. Carpet Clean
  11. Cool Clean
  12. Strong Clean
  13. Meteor Clean

The findings were reported by McAfee's Mobile Research Team, and Google has removed the offending apps from the Play Store.

Apple recently claimed that malware was a serious issue on Android, and therefore side-loading apps is dangerous. That is not true, Apple is trying to find an excuse to help it from losing income from developer accounts, and the 30% commission that it earns from them. Though Android isn't completely secure, Google has baked in some barriers in the OS that gets in the way of sideloading apps. The average user may not even know it is possible to download apps from other stores.

The biggest source of malicious Android apps, is none other than the Play Store itself, because it isn't curated/reviewed properly, so most users would be unaware that they are downloading a malicious app.

Have you ever dealt with such apps on your phone?

Researchers discover HiddenAds malware in a dozen Android apps that were distributed on the Google Play Store
Article Name
Researchers discover HiddenAds malware in a dozen Android apps that were distributed on the Google Play Store
Security experts unearthed HiddenAds malware in a dozen Android apps on the Google Play Store.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Raj said on August 3, 2022 at 2:39 pm

    Agreed. I have side loaded apps and do not bother about google ways

  2. Dearldean Hall said on August 2, 2022 at 9:13 pm

    What about the AVG cleaner is it safe

    1. Fiametta said on August 3, 2022 at 1:03 pm

      It is filled with trackers from Google and Facebook and requires way too much acess on your phone. I’d uninstall it right away. Those apps are not needed, Android does everything they do natively. If you really want one, use SDMaid. It is the only good one out there

  3. Nosorry said on August 2, 2022 at 12:20 pm

    I gape in surprise as I watch Google in doing absolutely nothing about the malware on their store.

  4. Yash said on August 2, 2022 at 9:01 am

    There ain’t need for cleaner app in Android if phone is not rooted. However if one needs one check SDMaid and disable network permissions.

  5. Anonymous said on August 1, 2022 at 11:57 pm

    I have a chuckle at all those who overload their phones with garbage apps so they need to do something to clean up.

    There is possibly a cleaner in the store that is reliable but it would be lost amid these trust abusers. There are simply too many apps of identical function in the store for most users to choose wisely and Google to test thoroughly.

    1. Alex said on August 2, 2022 at 10:10 am

      The only one that I’m aware of is SD Maid

  6. rush said on August 1, 2022 at 11:13 pm

    I. AM. SHOCKED. Shocked I tell ya. And I’m sure that google was not aware…Nope…no way…never in a million years would google allow such…such…..such nefariousness within their own store. Google and their partners are all about the beauty and divine goodness of friendly advertising for which their users are completely in heartfelt agreement.

    Have a sparkling day.

  7. No, Thanks CCP said on August 1, 2022 at 9:18 pm

    Get Super EZ Cool Strong Clean XL absolutely free from CCP Inc.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.