An active adware has been detected on the Google Play store that can display full-screen ads, monitor when a device’s screen is unlocked, and run in the mobile device’s background.
Trend Micro detected the adware — AndroidOS_HidenAd — disguised as 85 game, TV, and remote control simulator apps on the Google Play store. The apps were downloaded 9 million times around the world before Google suspended the fake apps from the store.
The “Easy Universal TV Remote,” which promised to enable a person’s smartphone to control their TV, was the top choice among the fake apps. It was downloaded more than 5 million times.
“We tested each of the fake apps related to the adware family and discovered that though they come from different makers and have different APK cert public keys, they exhibit similar behaviors and share the same code,” according to Trend Micro’s blog.
The blog explained that once the adware is downloaded and launched, a full-screen ad pops up. When closed, call-to-action buttons appear, and tapping on one will launch another full-screen ad. The cycle continues as more call-to-action buttons pop up, which bring about even more full-screen ads.
The fake app will then tell the user that it is loading or buffering before disappearing from the mobile device’s screen and hiding its icon. However, the fake app is still running in the background, and will show a full-screen ad every 15 or 30 minutes. Some of the fake apps can even monitor when a user unlocks their screen and shows an ad each time the user performs the action.
“While the fake apps can be removed manually via the phone’s app uninstall feature, it can be difficult to get there when full-screen ads show up every 15 or 30 minutes or each time a user unlocks the device’s screen,” the blog added.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More