HiddenAds malware discovered in Android apps that are distributed on Google Play Store

The SecneurX Analysis Mobile research team has discovered more mobile apps distributed on the Google Play Store that infect Android devices with malware named “HiddenAds”.


The mobile personalization apps listed below contain the HiddenAds malware. These malicious Android apps can affect device performance or jeopardize users’ privacy.


The SecneurX Analysis Mobile research team is constantly on the lookout for malicious applications in the Google Play Store. The malicious applications that we identify, and their associated IoCs, are reported to the Google Play and Android Security Team for removal.


XKeyboard: Neon Themes
SScan: QR & Barcode
InCall: Personalization
Xbuttons: Keyboard Themes

At the time of analysis, these applications were very popular, with more than 600,000 cumulative downloads. Once installed from the Play Store, the apps change their icon to a system-related icon, hiding themselves so that users do not notice and delete them. They change the app name to ‘Google Play’ or ‘Setting’. Their presence on a system endangers device and user safety.



Most malicious apps in the HiddenAds family are known to have advertising-supported software (adware) functionality. In other words, the device is bombarded with advertisements in a variety of deceptive ways, severely impairing the user experience and drastically reducing device performance. Clicking on the advertisements may result in stealth downloads or installation of other malware. Users may inadvertently subscribe to services and be billed monthly, and their privacy will be jeopardised.


We strongly advise researching software before download/installation and/or purchase, e.g., by checking the developer's reputation, looking through reviews, reading terms and privacy policies, taking note of required permissions, etc. It is just as important to always download from official and verified sources.


IoCs

circlepieces[.]us

SHA256 of APK

Package Names

com.mycallcallpersonalization.app

com.xphonecallwallpaper.app

com.worldcup22wallpapers.app

com.xchangeicondesign.app

com.xcallcustomcallscreen.app
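
A triage check built from the hiding behaviour and the package names above, as an added example that is not SecneurX's code: it flags inventory records whose package name is on the list, or whose launcher label is 'Google Play' or 'Setting' while the package is not the system one. The inventory format, the sample records and the `com.example.notes` name are constructed, and treating `com.android.vending` and `com.android.settings` as the legitimate owners assumes a stock Android build.

```python
import unicodedata

# Package names copied from this page's IoC list.
IOC_PACKAGES = {
    "com.mycallcallpersonalization.app",
    "com.xphonecallwallpaper.app",
    "com.worldcup22wallpapers.app",
    "com.xchangeicondesign.app",
    "com.xcallcustomcallscreen.app",
}
# Labels the page reports, mapped to the package allowed to carry them
# (assumption: stock Android; OEM builds may ship other settings packages).
IMPERSONATED_LABELS = {
    "google play": {"com.android.vending"},
    "setting": {"com.android.settings"},
    "settings": {"com.android.settings"},
}

def normalize(label):
    """Fold case, Unicode compatibility forms and whitespace before comparing."""
    folded = unicodedata.normalize("NFKC", label).casefold()
    return " ".join(folded.split())

def triage(inventory):
    """Return {package: [reasons]} for (package, label) records that match."""
    findings = {}
    for pkg, raw_label in inventory:
        label = normalize(raw_label)
        reasons = []
        if pkg in IOC_PACKAGES:
            reasons.append("package name listed as IoC")
        owners = IMPERSONATED_LABELS.get(label)
        if owners is not None and pkg not in owners:
            reasons.append(f"label '{label}' on non-system package")
        if reasons:
            findings[pkg] = reasons
    return findings

# Constructed sample inventory of (package, launcher label); not device data.
SAMPLE = [
    ("com.android.vending", "Google Play Store"),
    ("com.android.settings", "Settings"),
    ("com.xchangeicondesign.app", "Setting"),
    ("com.example.notes", "Google  Play"),
    ("com.worldcup22wallpapers.app", "Wallpapers"),
]
if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE).items():
        print(pkg, "->", "; ".join(reasons))
```

The label check catches a renamed app even when its package name is not on the list, but it compares exact normalized strings and does not handle look-alike characters.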

