New auto-starting malware on the Google Play Store has been identified.
HiddenAds Android Malware
The malware is propagated with the help of malicious apps masquerading themselves as cleaner and optimization apps for device management. The Android apps were distributed on the Google Play Store.
Discovered by McAfee’s Mobile Research Team, the malware is capable of hiding itself and continuously showing advertisements to victims (Android users). The malware is also capable of running its services automatically upon installation without the need of executing the app.
In short, the malware is capable of executing itself without the need of user interaction, and it can also conceal itself in a way that the user won’t notice its presence. Other capabilities of the so-called HiddenAds malware include changing the fake app’s icon to a Google Play icon familiar to the victim, and changing its name to “Google Play” or “Setting.”
The end goal of the malicious apps campaign is displaying advertisements to Android victims in several ways.
How are the malicious apps reaching Android users? “To promote these apps to new users, the malware authors created advertising pages on Facebook. Because it is the link to Google Play distributed through legitimate social media, users will download it without a doubt,” the report said.
How many Android users have been affected by HiddenAds? Between 100 thousand and 1 million devices have been affected so far. Since the malware works once it is installed, the installation number can be reflected as the number of victims. Telemetry data shows that a wide range of countries have been affected including South Korea, Japan, and Brazil.
Another example of recently detected Android malware is HiddenMenu.