Researchers spotted adware hidden inside 85 Android apps including games, TV apps, and remote control apps which were available to download in Google Play Store. These 85 apps were downloaded more than 9 million times. An app named ‘Easy Universal TV Remote’ was downloaded over five million times. Upon learning, Google has removed those 85 apps from the Google Play Store.
Researchers from Trend Micro identified the active adware family dubbed as AndroidOS_HidenAd. Researchers stated that this adware is capable of displaying full-screen ads, monitoring a device’s screen unlocking functionality, and running in the mobile device’s background.
Researchers investigated the 85 apps and found that all the apps exhibited similar behaviors and shared a similar code despite by being made by different app developers.
- Once an Adware app is installed by a user, it initially pop-ups a full-screen ad.
- When the user attempts to close the first ad, CTA buttons such as ‘start’, ‘open app’, ‘next’, and a banner ad will appear on the mobile display screen.
- Upon clicking the CTA button, another full-screen ad is displayed on the mobile screen.
- Once the user exits the full-screen ad, more CTA buttons that provide app-related options appear on the mobile screen.
- The app also urges the user to give the app a five-star rating on Google Play.
- Later, the app informs the user that it is loading, however, after a few seconds, the app would suddenly disappear hiding its app icon.
- Despite the app being hidden, it would continue to run in the background, displaying full-screen ads every 15 or 30 minutes, until the user uninstalls the app.
The adware-infected 85 Android apps include Easy Universal TV Remote, POLSKA TV, Canais de TV da Brazil, TV World Channel, Offroad Extreme, Prado Parking Simulator 3D, TDT Espana, Extreme Trucks, Garage Door Remote, Racing Car 3D, Hearts Stickers, and more.
Trend Micro reported all these 85 apps to Google and Google immediately removed these apps from the Google Play Store.