Adware Hidden In Play Store Apps Infects 8 Million Users

Google has removed some 85 apps from the Play Store after they were found to be thinly disguised adware.

The apps, which appeared to be games or photography utilities, used “unique techniques” to evade detection, according to Ecular Xu, a researcher at Trend Micro, which discovered the malware.

The apps, which bombarded users with full-screen ads, also tried to make themselves more difficult to remove.

Altogether they have been downloaded 8 million times, Xu said.

Mobile adware

“While they may be viewed as a nuisance at best, mobile ad fraud– and adware-related incidents became so rampant last year that it cost businesses hefty financial losses,” said Xu in an advisory.

The apps all contained the same malware, which Trend Micro detects as AndroidOS_Hidenad.HRXH.

They made use of unusual features to avoid detection, including using time-stamps to delay displaying ads until after the app had been installed for 30 minutes.

The malware also uses the Android intent action USER_PRESENT to help detect whether the user is actively using the phone.

Assuming these conditions check out, the app begins displaying full-screen ads each time the user unlocks the device.

The ads can last up to five minutes and while they’re playing they can’t be switched off.


The malware also tries to make itself more difficult to uninstall by hiding its icon and making an app shortcut appear on the home screen in its place.

Unlike the app icon, the shortcut can’t be used to quickly uninstall the app, forcing the user to go into app settings to do so.

Xu noted that some Android devices allow users to restrict apps from creating home screen icons, or require user approval to do so.

If the shortcut isn’t created, users could be made more aware of its more unusual behaviors,” Xu said.

Trend Micro provided indicators of compromise in its advisory.

Google routinely detects and removes adware and other malware from the Play Store.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Apple Security Flaw Being Actively Exploited

Update now. Vulnerability impacts a number of Apple iPhone, iPad and Mac models, and the…

12 hours ago

Yale University Names Firms Still Operating In Russia

Data from Yale University shows a number of big name tech companies continue to trade…

13 hours ago

Police Arrest Four Over BT Cable Theft In North Yorkshire

Police make arrests after Openreach confirms to Silicon UK that a cable theft left 200…

1 day ago

UK Staff Resisting ‘Big Return’ To The Office, Says infinitSpace

Remote working to stay? Majority of business leaders are struggling to get staff to return…

1 day ago

Apple Axes 100 Recruiters, Amid Hiring Slowdown – Report

Hiring slowdown at Apple? Tech giant reportedly lets go 100 contract-based recruiters in the past…

1 day ago