Google has been forced to remove 85 adware-laden gaming and photo apps from its official Play store which had been downloaded over eight million times.
The Android custodian was informed about the adware by Trend Micro, which detected the new variant as AndroidOS_Hidenad.HRXH.
In a blog post, mobile threat response engineer Ecular Xu claimed that the ads generated by this malware are particularly difficult to close, and feature “unique techniques to evade detection through user behavior and time-based triggers.”
After checking whether the adware has been installed for 30 minutes – an attempt to evade sandbox analysis – it will hide its icon and create a shortcut on the home screen.
“To evade detection, the app uses Java reflection – which enables the runtime behaviors of an application to be inspected or modified – and encodes the API strings in base64,” Xu continued.
Ads are then flashed up to the user, with the adware checking to make sure it isn’t showing the same ones too frequently.
“While the apps do have actual functionalities of the applications they are posing as, these ads are shown in full screen,” Xu warned.
“Users are forced to view the whole duration of the ad before being able to close it or go back to app itself. Moreover, the frequency of ads being displayed can be remotely configured by the fraudster (the default is five minutes), so it could exacerbate the nuisance for users.”
Some users would have been able to block the apps, had they been accidentally downloaded: the most recent Samsung devices restrict the creation of shortcuts on the home screen, while Android 8 and later versions require user confirmation before a shortcut can be created, Xu said.
Mobile AV from a reputable vendor can also help to block malicious apps.
Some of the apps pre-loaded with the adware included Blur Photo Editor, Magic Camera, One Stroke Line Puzzle, Toy Smash and Beautiful House.
The news serves as a continued warning to users to exercise caution when downloading Android apps, even on the official marketplace.