Unlike other malicious apps that have to be opened first, HiddenAds malware-containing apps start malicious services automatically after they are installed. They are also constantly showing ads to the victim Android smartphone They are difficult to remove once installed.
according to Blog post (Opens in a new tab) From McAfee’s Mobile Research Team, most apps containing this new malware are disguised as cleaner apps Which deletes junk files or helps improve battery life on Android devices.
Below you will find a list of all 13 apps that contain HiddenAds malware along with the number of times they have been downloaded from the Play Store:
- Junk File Cleaner – 1 Million +
- EasyCleaner – 100K+
- Power Doctor – 500K +
- Super Clean – 500K +
- Full cleaning – clean cash – 1 million +
- Fingertips Cleaner – 500K+
- Quick Cleaner – 1 Million +
- Keep Clean – 1 Million +
- Windy Clean – 500K +
- Carpet Cleaning – 100K+
- Cool Clean – 500K +
- Powerful Cleaning – 500K+
- Meteor Clean – 100K +
Auto-start malware can disguise itself
Even though they contain malware, all of these apps manage to do that Bypass Google’s defenses It ends up in the Play Store. Fortunately, though, McAfee shared her findings with the search giant and they have all since been taken down. However, you will need to delete them manually from your Android smartphone.
Although downloading and installing an app without opening it is normally safe, this is not true in this case. When you install any of these apps on your devices, they automatically launch HiddenAds malware and start running in the background.
At the same time, these malicious apps are able to disguise themselves to prevent users from noticing and deleting them. For example, they changed their icon to the Google play icon familiar to users and changed their name to either “Google Play” or “Setup” to remain undetected.
The malicious services operated by these applications display advertisements to victims in a number of ways. However, all of these ads are full screen and very intrusive. HiddenAds malware applications also try to induce users to launch an application when they install, uninstall or update any of the other applications on their devices.
Advertising on Facebook
To promote their new malware, the cybercriminals behind the HiddenAds campaign turned to Facebook to do just that.
Since all of these apps bypassed Google’s defenses and ended up in the Play Store, their creators were able to create Facebook pages for each app and promote them on the social network. This is because Facebook does not see Play Store URLs as malicious even if those links lead to apps that contain malware.
Cybercriminals often take advantage of free services to lure victims into their malware and anyone can create their own Facebook Business account and business page.
How to protect yourself from HiddenAds malware
The first thing you should do is to check the above list and make sure that none of these apps are installed on your smartphone or Android tablet. From here, you should uninstall it and consider using one of the Best antivirus apps for Android on your phone to remove any malware they might have left behind.
You should also make sure that Google Play Protect is enabled on your devices because it constantly scans the apps installed on your smartphone for malware and warns you if you are about to install a suspicious app.
While you shouldn’t Install apps from unknown sourcesMalware can, and often does, end up in the Play Store despite Google’s best efforts. This is why you should stick to apps from well-known brands with good reviews and high install counts. If the app came from an unknown developer, it could be good even though it could be malicious.
As the HiddenAds malware is still in development and the cybercriminals behind it are developing new variants, we could see more malicious apps using it in the future according to McAfee.