Researchers discover HiddenAds malware in a dozen Android apps that were distributed on the Google Play Store
Researchers at McAfee have discovered that a dozen Android apps, that were distributed on the Google Play Store, had been pushing malicious ads to users. Here's what happened.
HiddenAds malware in Android apps
This isn't your average malware, it's very sneaky. Once a user downloads such an app onto their Android phone, they don't even have to run it. The malware creates some services that run in the background. It changes its name and icon in the app drawer to represent apps like Setting or Google Play.
The services that the malicious app creators begin displaying ads constantly on the phone. The screenshots show what seems to be interstitial ads (full screen), with various buttons, including a fake warning that the device is at risk. These are just ways to get the user to download another app.
It turns out that the creators of the malware apps used Facebook ads, which contained a link to the Play Store, to make the app appear authentic. The data from McAfee shows us that several users fell for the trick, many of these apps had over 1 Million downloads. The majority of these users were from South Korea, Japan, and Brazil.
The research article (spotted by Bleeping Computer), also explains how the malware works. It uses the Contact Provider, the ContactsContract and Directory class. This Directory class contains special metadata in a manifest file. This data can be recognized by the Contact Provider, which developers can use to create a custom directory, and to transfer data between the device and online services.
When an app is installed or replaced, Contact Provider checks its metadata. This is where the HiddenAds malware's code is stored, and it gets executed after an app is installed/replaced. Using this, it creates a malicious service to push ads. This service automatically starts even if it has been killed. Then it disguises the app by renaming it and changing its icon.
System Cleaner apps, battery care apps, optimizers are very popular on Google Play. They don't need such apps, they do nothing to improve your device's performance, but most users don't know it. They read the title, or whatever fake stuff that is in the description, and download it blindly.
Here is a list of the apps that had the HiddenAds malware.
- Junk Cleaner
- Power Doctor
- Super Clean
- Full Clean
- Fingertip Cleaner
- Quick Cleaner
- Keep Clean
- Windy Clean
- Carpet Clean
- Cool Clean
- Strong Clean
- Meteor Clean
The findings were reported by McAfee's Mobile Research Team, and Google has removed the offending apps from the Play Store.
Apple recently claimed that malware was a serious issue on Android, and therefore side-loading apps is dangerous. That is not true, Apple is trying to find an excuse to help it from losing income from developer accounts, and the 30% commission that it earns from them. Though Android isn't completely secure, Google has baked in some barriers in the OS that gets in the way of sideloading apps. The average user may not even know it is possible to download apps from other stores.
The biggest source of malicious Android apps, is none other than the Play Store itself, because it isn't curated/reviewed properly, so most users would be unaware that they are downloading a malicious app.
Have you ever dealt with such apps on your phone?Advertisement