Researchers discover HiddenAds malware in a dozen Android apps that were distributed on the Google Play Store
Researchers at McAfee have discovered that a dozen Android apps, that were distributed on the Google Play Store, had been pushing malicious ads to users. Here's what happened.
HiddenAds malware in Android apps
This isn't your average malware, it's very sneaky. Once a user downloads such an app onto their Android phone, they don't even have to run it. The malware creates some services that run in the background. It changes its name and icon in the app drawer to represent apps like Setting or Google Play.
The services that the malicious app creators begin displaying ads constantly on the phone. The screenshots show what seems to be interstitial ads (full screen), with various buttons, including a fake warning that the device is at risk. These are just ways to get the user to download another app.
It turns out that the creators of the malware apps used Facebook ads, which contained a link to the Play Store, to make the app appear authentic. The data from McAfee shows us that several users fell for the trick, many of these apps had over 1 Million downloads. The majority of these users were from South Korea, Japan, and Brazil.
The research article (spotted by Bleeping Computer), also explains how the malware works. It uses the Contact Provider, the ContactsContract and Directory class. This Directory class contains special metadata in a manifest file. This data can be recognized by the Contact Provider, which developers can use to create a custom directory, and to transfer data between the device and online services.
When an app is installed or replaced, Contact Provider checks its metadata. This is where the HiddenAds malware's code is stored, and it gets executed after an app is installed/replaced. Using this, it creates a malicious service to push ads. This service automatically starts even if it has been killed. Then it disguises the app by renaming it and changing its icon.
System Cleaner apps, battery care apps, optimizers are very popular on Google Play. They don't need such apps, they do nothing to improve your device's performance, but most users don't know it. They read the title, or whatever fake stuff that is in the description, and download it blindly.
Here is a list of the apps that had the HiddenAds malware.
- Junk Cleaner
- EasyCleaner
- Power Doctor
- Super Clean
- Full Clean
- Fingertip Cleaner
- Quick Cleaner
- Keep Clean
- Windy Clean
- Carpet Clean
- Cool Clean
- Strong Clean
- Meteor Clean
The findings were reported by McAfee's Mobile Research Team, and Google has removed the offending apps from the Play Store.
Apple recently claimed that malware was a serious issue on Android, and therefore side-loading apps is dangerous. That is not true, Apple is trying to find an excuse to help it from losing income from developer accounts, and the 30% commission that it earns from them. Though Android isn't completely secure, Google has baked in some barriers in the OS that gets in the way of sideloading apps. The average user may not even know it is possible to download apps from other stores.
The biggest source of malicious Android apps, is none other than the Play Store itself, because it isn't curated/reviewed properly, so most users would be unaware that they are downloading a malicious app.
Have you ever dealt with such apps on your phone?
Agreed. I have side loaded apps and do not bother about google ways
What about the AVG cleaner is it safe
It is filled with trackers from Google and Facebook and requires way too much acess on your phone. I’d uninstall it right away. Those apps are not needed, Android does everything they do natively. If you really want one, use SDMaid. It is the only good one out there
I gape in surprise as I watch Google in doing absolutely nothing about the malware on their store.
There ain’t need for cleaner app in Android if phone is not rooted. However if one needs one check SDMaid and disable network permissions.
I have a chuckle at all those who overload their phones with garbage apps so they need to do something to clean up.
There is possibly a cleaner in the store that is reliable but it would be lost amid these trust abusers. There are simply too many apps of identical function in the store for most users to choose wisely and Google to test thoroughly.
The only one that I’m aware of is SD Maid
I. AM. SHOCKED. Shocked I tell ya. And I’m sure that google was not aware…Nope…no way…never in a million years would google allow such…such…..such nefariousness within their own store. Google and their partners are all about the beauty and divine goodness of friendly advertising for which their users are completely in heartfelt agreement.
Have a sparkling day.
Get Super EZ Cool Strong Clean XL absolutely free from CCP Inc.