SecneurX Threat Analysis
HiddenAds malware discovered in Android apps that are distributed on Google Play Store
SecneurX Analysis Mobile research team have discovered more mobile Apps that are distributed on the Google Play store infecting Android devices with a malware named “HiddenAds”.
Below mentioned Mobile personalization apps contain the HiddenAds malware. These malicious android apps can affect device performance or jeopardize users’ privacy.
SecneurX Analysis Mobile research team is constantly on the lookout for malicious applications in Google PlayStore. The malicious applications that we identify, and it's associated IOC's, are reported to The Google Play and Android Security Team for the malicious app removal.
XKeyboard: Neon Themes
SScan: QR & Barcode
Xbuttons: Keyboard Themes
We noticed that, at the time of analysis, these applications are very popular and had over 600,000+ cumulative downloads. These apps when installed from play store, changes its icon to any system related icon thus hiding themselves to prevent users from noticing and deleting apps.They change the app name to ‘Google Play’ or ‘Setting’. Its presence on a system endangers device and user safety.
It is learnt that most malicious apps that are part of the HiddenAds family have advertising-supported software (adware) functionalities. In other words, The device will be bombarded with advertisements in a variety of deceptive ways severely impairing the user experience. Due to this, the device performance reduces drastically. Clicking on the advertisements may result in stealth downloads/installation of other malware. Users may inadvertently subscribe to services and be billed monthly, and the privacy of users will be jeopardised.
We strongly advise researching software before download/installation and/or purchase, e.g., by checking the developer's reputation, looking through reviews, reading terms and privacy policies, taking note of required permissions, etc. It is just as important to always download from official and verified sources.
SHA256 of APK