Adware found in 21 Android apps with more than 7 million downloads

Google has removed 15 of 21 Android applications from the official Play Store over the weekend following a report from Czech antivirus maker Avast.

The security firm said the apps were infected with a type of malware known as HiddenAds.

Discovered in 2019, this Android adware strain operates by showing excessive and intrusive ads and by opening mobile browsers on ad-heavy or promotional pages.

In a report published today, Avast malware analyst Jakub Vávra said the apps mimicked popular games, and the criminal group behind this operation relied on social media ads and marketing to draw users to their Play Store pages.

Once users installed any of these apps, the HiddenAds malware would hide the app’s icon (to make it difficult for users to delete the app in the future) and then start bombarding users with ads.

The names and Play Store URLs of all the 21 apps are available in this spreadsheet.

Six of the 21 apps are still available on the Play Store at the time of writing, such as: Shoot Them, Helicopter Shoot, Find 5 Differences – 2020 NEW, Rotate Shape, Cover art Find the Differences – Puzzle Game, and Money Destroyer.

Avast said the apps were downloaded by more than seven million users before it filed its report with Google last week.

Vávra said that it’s easy to fall for these apps and install one on your phone, but there are some patterns and giveaways that can help users identify possibly malicious apps.

“Users need to be vigilant when downloading applications to their phones and are advised to check the applications’ profile, reviews and to be mindful of extensive device permission requests,” Vávra said.

Furthermore, since many of these apps (games) are geared toward kids and usually advertised on social media networks, the Avast malware analyst also encouraged parents to speak and teach their kids about malware and online safety.

Today’s Avast report is just the latest in a long list of Google enforcements against malware operators who manage to sneak their malware past the Play Store’s defenses.

In recent months, Google has also removed 17 Android apps caught engaging in WAP billing fraud, then another 64, then three more, then 56 more apps part of an ad fraud botnet, then 240+ apps that showed out-of-context ads, then another 38 apps that also showed out-of-context ads, and finally, Google deactivated the accounts of six developers for uploading apps tainted with the Cerberus banking trojan.