Adware Slips Past Play Protect, Gets Over 500,000 Downloads

The Google Play Store has numerous protections in place, but enterprising hackers will always find a way, as evidenced by a number of malware-infected apps that have recently been taken down, but not before at least one of them passed the 500,000 download milestone. The malware in question is known as Andr/HiddnAd-AJ, and it gets its name from the fact that it's well-hidden from both Google's Play Protect technology and unsuspecting users until it's too late. Some of the infected apps masqueraded as QR code scanners or compass apps, and could be observed exhibiting tame behavior for hours on end before suddenly unleashing wave after wave of all sorts of ads upon hapless devices.

The way it all works is by planting a graphics subset into the app's programming that looks like any old library you may find in an average Android app. To Play Protect, it looks as though the app plans to pull some visual assets from an outside server. What happens instead is that the app connects to a command server upon first being loaded up, and receives a set of instructions along with a unique Google ad ID. From there, it will wait as long as specified, then open up full-screen ads even when the app in question is not being used, and throw ad-laden notifications into your notification bar. After a while, it will connect to the command server again for new assets and instructions.

If you've been infected with one of these adwares, uninstalling the app should be enough. Sophos' security staff analyzed one infected app and did not see anything noteworthy to suggest that it makes any effort to stick around or spread itself. Rooted users may want to run a few extra checks before assuming all is well. The Sophos Mobile Security app and others like it can detect such malware, among others, for free. Google's Play Protect system is far from perfect, as is almost any security system, but users are advised to continue trusting it for now and to stay away from third-party app markets when possible, as most of them have little to no vetting process for new apps.

Copyright ©2019 Android Headlines. All Rights Reserved
This post may contain affiliate links. See our privacy policy for more information.
You May Like These
More Like This:
About the Author
2018/10/Daniel-Fuller-2018.jpg

Daniel Fuller

Senior Staff Writer
Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, AI technology development, and hot gaming news in the Android world. Contact him at [email protected]