21 Android Apps With HiddenAds Adware Found, Named, Shamed, And Reported

Android trojan

Ads power free things on the web and mobile. And developers have been known to sometimes use malicious attempts to show those ads.

Malicious apps on Google Play Store is nothing new. But this time, a long list of Android apps have been named and shamed by antivirus developer Avast. Users who have downloaded any of the apps are urged to remove them, due to their malicious intentions.

Researchers at Avast discovered 21 malicious Android apps that use misleading titles on Google Play Store.

Upon closer inspection, seeing their apps' reviews and combing through the hundreds of user reviews, the researchers found that the nearly two dozen apps have adware that is part of the HiddenAds family.

The apps lure people to download the apps by posing as harmless gaming apps with interesting titles.

For example, the apps promise to virtually "let your car fly across the road, trees, hills," to shoot criminals from a helicopter, or, for household enthusiasts, allow users to virtually iron their clothes.

When downloaded, the apps will display intrusive ads.

These are apps the researchers listed, ordered by popularity:

  1. Shoot Them.
  2. Crush Car.
  3. Rolling Scroll.
  4. Helicopter Attack - New.
  5. Assassin Legend - 2020 New.
  6. Helicopter Shoot.
  7. Rugby Pass.
  8. Flying Skateboard.
  9. Iron it.
  10. Shooting Run.
  11. Plant Monster.
  12. Find Hidden.
  13. Find 5 Differences - 2020 New.
  14. Rotate Shape.
  15. Jump Jump.
  16. Find the Differences - Puzzle Game.
  17. Sway Man.
  18. Desert Against.
  19. Money Destroyer.
  20. Cream Trip - New.
  21. Props Rescue.

According to data by Sensor Tower, a mobile apps marketing intelligence and insights company, it's estimated that the apps above have a combined 8 million downloads so far.

Shoot Them user review
The user review section for the 'Shoot Them' app reveals complaints from annoyed users.

According to Jakub Vávra, Threat Analyst at Avast in a post on PR Newswire:

"Developers of adware are increasingly using social media channels, like regular marketers would. This time, users reported they were targeted with ads promoting the games on YouTube. In September we saw adware spread via TikTok. The popularity of these social networks make them an attractive advertising platform, also for cybercriminals, to target a younger audience."

"While Google is doing everything possible to prevent HiddenAds from entering its Play Store, the malicious apps keep finding new ways to disguise their true purpose, thus slipping through to the platform and then to users' phones. Users need to be vigilant when downloading applications to their phones and are advised to check the applications' profile, reviews and to be mindful of extensive device permission requests."

The HiddenAds family is a type of trojan disguised as a safe and useful app but instead serves intrusive ads that can often pop up outside of the app.

Avast suggested that users should never rely solely on Google to keep them protected from adware, ransomware, spyware, and all those other types of trojans and viruses that frequently wreak havoc on the official Google Play Store.

Android users should not rely on an app's installation count as reference. This is because the number of Google Play downloads is not always the representative of an app's reliability.

Another potential red flag is a developer with only one app to its name. This could signal that the developer or company behind the app is actually running multiple accounts, in order to hide their malicious business from Google.

What users should do, is pay extra attention to reviews. Anything that has lots of 5-star and 1-star ratings is probably malicious. Apps that have an average of less than 3 stars are either dangerous or not worth downloading.

And last, users should always check for the permissions an app asks when installing. Too many permission for a simple app should raise a red flag.

With Avast discovering yet more malicious apps on Google Play Store, simply shows that Google is not doing enough to prevent these threats from getting in, and especially eliminating them for good