Google Play is discovered to have apps that are a part of a Trojan campaign
Google Play is found to have Trojan apps from multiple developers
The Trojan campaign seems to have initially targeted users in India
Google Play has been used on bad actors in the past as well
Google Play is said to have at least 17 apps that are a part of a Trojan family called HiddenAds, if cybersecurity firm Avast is to be believed. The apps are found to be a part of a large HiddenAds campaign that initially targeted users in India and Southeast Asia. Avast researchers discovered that these apps are masked as games but are designed to display intrusive ads and can steal personal information of users. The researchers noticed that the Trojan apps have the ability to hide their icons from the affected devices and show timed ads that can't be skipped.
The team of Avast researchers initially discovered a total of 47 apps belonging to the Trojan family HiddenAds. Google, however, removed 30 of those apps upon receiving the report from the antivirus company.
“Once the user downloads the app, a timer starts within the app. The user is allowed to play the game for a set period of time, after which the timer triggers the hide icon feature of the app,” explained Avast Threat Operations Analyst Jakub Vávra, in a blog post. “Once the icon is hidden, the app starts to display ads throughout the device without needing further actions from the user.”
Some of the Trojan apps discovered by the Avast team are claimed to even open the browser to display intrusive ads to users. Since the apps hide their icon after a certain time limit, their victims aren't able to understand the origin of the ads they see on their devices. Having said that, the Trojan apps can still be uninstalled through the app manager of the device.
The Avast team found that each of the discovered apps has a separate developer listed on Google Play, with a generic email address. “Similarly, the Terms of Service are identical across the discovered apps, likely pointing to an organised campaign by one actor,” Vávra added.
In total, the apps carrying the Trojan HiddenAds have been downloaded more than 1.5 crore times. Some of the most downloaded titles that were live at the time of filing this story includes Skate Board - New, Find Hidden Differences, Spot Hidden Differences, Tony Shoot - NEW, and Stacking Guys.
The researchers found that the HiddenAds campaign through the apps were most prevalent in Brazil, India, and Turkey. However, it spread across other regions as well.
An email sent to Google didn't elicit a response at the time of publishing this story.
Not the first time This is notably not the first time when Google Play is found to have the apps that have the potential to steal user information. In July last year, Avast detected apps that were installed a combined 1,30,000 times with the nature of stalking users. Bot mitigation company White Ops in its research paper published earlier this month also revealed that Google removed at least 38 apps from its Google Play store that infested Android devices with out-of-context advertisements.
As Vávra mentioned in a statement posted on GamesIndustry.biz that it is indeed difficult for Google to prevent adware campaigns as there are single developers for each app. “Campaigns like HiddenAds may slip into the Play Store through obfuscating their true purpose or slowly introducing malicious features once already downloaded by users,” analyst said.
In 2020, will WhatsApp get the killer feature that every Indian is waiting for? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.
Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a principal correspondent for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at email@example.com. Please send in your leads and tips.