The team of Avast researchers initially discovered a total of 47 apps related to the Trojan family HiddenAds. Google, however, removed 30 of those apps upon receiving the report from the antivirus company.
“Once the user downloads the app, a timer starts within the app. The user is allowed to play the game for a set period of time, after which the timer triggers the hide icon feature of the app, ” explained Avast Threat Operations Analyst Jakub Vávra, in a blog post. “Once the icon is hidden, the app starts to display ads throughout the device without needing further actions from the user.”
Some of the Trojan apps discovered by the Avast team are claimed to even open the browser to display intrusive ads to users. Since the apps hide their icon after a certain time limit, their victims are not able to understand the origin of the ads they see on their devices. Having said that, the Trojan apps can still be uninstalled through the app manager of the device.
The Avast team found that each of the discovered apps has a separate developer listed on Google Play, with a generic email address. “Similar, the terms of service are identical across the discovered apps, likely pointing to an organized campaign by one actor,” Vávra added.
In total, the apps carrying the Trojan HiddenAds have been downloaded more than 1.5 crore times. Some of the most downloaded titles that were live at the time of filing this story includes Skate Board – New, Find Hidden Differences, Spot Hidden Differences, Tony Shoot – NEW, and Stacking Guys.
The researchers found that the HiddenAds campaign through the apps were most prevalent in Brazil, India, and Turkey. However, it spread across other regions as well.
An email sent to Google did not elicit a response at the time of publishing this story.
Not the first time
This is notably not the first time when Google Play is found to have the apps that have the potential to steal user information. In July last year, avast detected apps that were installed a combined 1,30,000 times with the nature of stalking users. Bot mitigation company White Ops in its research paper published earlier this month also revealed that Google removed at least 38 apps from its Google Play store that infested Android devices with out-of-context advertisements.
As Vávra mentioned in a statement posted on GamesIndustry.biz that it is indeed difficult for Google to prevent adware campaigns as there are single developers for each app. “Campaigns like HiddenAds may slip into the Play Store through obfuscating their true purpose or slowly introducing malicious features once already downloaded by users,” analyst said.
Steps to stay away from such apps
In 2020, will WhatsApp get the killer feature that every Indian is waiting for? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.