The antivirus company Doctor Web reported that its specialists in the Google Play catalog detected a large number of Trojans of the Android. HiddenAds family designed to display annoying ads. Since the beginning of February, nearly 40 new modifications of such malicious applications have been identified, and about 10 million users have downloaded them. Some of these Trojans are distributed by scammers via Instagram and YouTube. Thanks to advertising on popular social networks and Internet services with a multi-million audience, the number of potential victims who can install dangerous programs is growing significantly.
During February, virus analysts identified 39 new modifications of the Trojan family Android. HiddenAds on Google Play. They hid in useful and harmless programs: photography applications, image and video editors, desktop wallpaper collections, system utilities, games, and other software. In total, at least 9,940,305 users managed to install them. Doctor Web notified Google about the trojans it had found, but at the time this news was published, some of them were still available for download.
The main function of malicious applications Android. HiddenAds is to display ads. They constantly display windows with banners and video ads that overlap windows of other programs and the system interface, interfering with normal work with infected devices. Here is an example of such an advertisement:
Since Trojans display banners almost continuously, cybercriminals quickly recoup the costs of promoting their crafts through popular Internet services.
To stay on smartphones and tablets for as long as possible, Trojans Android. HiddenAds hide their icon in the list of applications on the main screen. After that, they can no longer be launched, and it also becomes more difficult to find and remove. In addition, over time, some users may completely forget which programs they installed, which will also increase the “survivability” of Trojans.
Almost all members of the Android. HiddenAds family, identified in February, also hide their own icons, but instead place shortcuts for their launch. Most likely, the authors of the Trojans tried to deflect suspicion from them, while reducing the risk of their removal. Unlike icons on the home screen, shortcuts do not allow you to uninstall apps via the context menu. As a result, if an inexperienced user suspects something and tries to remove the Trojan through its icon, he will only get rid of the shortcut, and the Trojan itself will remain on the device and continue to work secretly and bring money to cybercriminals.
Many of these malicious applications were installed by the owners of Android smartphones and tablets after watching advertisements on Instagram and YouTube, in which cybercriminals promised functional and powerful photo and video processing tools. At first glance, the Trojans match the description and do not arouse suspicion among potential victims. But in fact, apart from one or more basic functions, they have nothing of what was said in the declarations.