Google has removed 21 new malicious apps from the official Play Store because they were found displaying intrusive ads.
The following malicious apps were spotted by researchers from cybersecurity firm Avast:
|Helicopter Attack – NEW|
|Assassin Legend – 2020 NEW|
|Find 5 Differences – 2020 NEW|
|Find the Differences – Puzzle Game|
|Cream Trip – NEW|
The Android apps reported in the above table were downloaded nearly eight million times by Android users.
“the apps in question are 21 gaming apps that come packed with hidden adware that is part of the HiddenAds family. According to SensorTower, a mobile apps marketing intelligence and insights company, the apps have been downloaded approximately eight million times thus far.” reads the post published by Avast.
The tainted gaming apps are bundled with HiddenAds malware, which is known to be an adware that serves intrusive ads outside of the app.
Threat actors behind these malicious apps advertised them on social media channels to lure users into downloading them.
“Developers of adware are increasingly using social media channels, like regular marketers would,” Jakub Vávra, Threat Analyst at Avast, says. “This time, users reported they were targeted with ads promoting the games on YouTube. In September, we saw adware spread via TikTok. The popularity of these social networks make them an attractive advertising platform, also for cybercriminals, to target a younger audience,”
Upon installing the malicious apps, they hide their icons to prevent deletion and they also hide behind relevant-looking advertisements, making them hard to identify.
The apps also have the ability to draw over other apps to show timed ads that users cannot skip. Experts also reported that in some cases the malware uses the browser to bombard the users with annoying ads.
Fortunately, the apps do not implement rootkit capabilities and users can uninstall them from the app manager features of the device.
It is not the first time that AVAST discovers tainted applications in the official Play Store. In July, the researchers from AVAST discovered a currency converter application in the Google Play store that was downloaded by more than 10,000 users and that was designed to deliver the Cerberus banking Trojan.
(SecurityAffairs – hacking, Google Play Store)