Avast, which specialises in digital security and privacy products, has discovered and reported to Google 47 malicious adware apps on the Google Play Store disguised as games. The apps, which have been downloaded more than 15m times in total, serve intrusive adds even outside of the application.
As of yesterday, 17 of the apps were still available on the Google Play Store, but Google’s investigations into the apps are ongoing. The apps, which were available in the Play Store are a part of the HiddenAds family, a Trojan disguised as a safe and useful application but which instead serves intrusive ads outside of the app.
Avast researchers were able to make this initial discovery by using apklab.io’s automatic detection software that was based on a previous HiddenAds campaign found in Google Play Store recently. Through this analysis, Avast was able to find the campaign by comparing their similar activities, features and network traffic.
The apps have the ability to hide their icon on an infected device and display device-wide intrusive ads, which is a key feature of the HiddenAds family. Seven of the apps can open the phone’s browser to display additional ads. Even once the user removes the app from their device, the ads will be continually served. The apps have low ratings, where users complain about the incessant ads and the low functionality of the gaming features.
“Campaigns like HiddenAds may slip into the Play Store through obfuscating their true purpose or slowly introducing malicious features once already downloaded by users,” said said Jakub Vávra, Threat Analyst at Avast. “It’s difficult to prevent adware campaigns since actors use one-off developer accounts for each app. While Google has been a great partner to remove malicious apps, users need to remain vigilant as they download new apps on their devices and check for tell-tale signs of a bad app, such as negative reviews, extensive device permission requests and more.”