Avast discovered yet another Android adware scheme involving apps with over 15 million downloads on the Play Store. The Czech company already reported its findings to Google, who is investigating the matter. Alphabet's subsidiary already removed 30 of the 47 apps Avast found to be carrying the known "HiddenAds" trojan. But some of the most succesful ones — with over a million Play Store installs each — are still available for download as of this writing. No other details of Google's investigation into Avast's claims are currently available. However, the probe will presumably be concluded in a matter of weeks, if not days. At least based on Google's long track record with responding to similar third-party reports.
The apps themselves are exclusively games of various kinds. By aiming them at a casual audience, their developers cast the widest possible net for the adware scheme to succeed. Six of those apps reached seven-digit download figures: Shoot Master, Stacking Guys, Draw Color by Number, Find Hidden Differences, Disco Go!, and Skate Board – New. Avast used its own Apklab.io tool to spot the large-scale adware scheme, the company said.
Android adware keeps thriving on the Play Store
Like any adware, HiddenAds makes money by redirecting users to advertising served by some marketing affiliate platform. Naturally, this only works with a truly massive volume of users, which is where the responsible party or parties got the motivation to create the trojan. The malicious software itself doesn't use some obscure exploit but the oldest trick in the book – user gullibility (to put it mildly). In other words, everything depends on you agreeing to grant some random Android game you got from the Play Store full device administrator rights during installation.
Needless to say, the average user is clueless enough to do this. If not that, they usually aren't paying enough attention to avoid making that grave mistake. Which is why Android adware thrives on the Play Store, and has been since the dawn of the smartphone era. For those very same reasons, it's unlikely malicious mobile apps will become less prevalent in the immediate future. The only truly effective strategy for fighting hackers in the long run is educating the hundreds of millions of users they keep preying on.
This concerning news comes mere days after Google got drawn into another huge security lapse. Namely, a set of malicious browser extensions are said to have infected some 32 million Chrome users around the world. Cybersecurity startup Awake Security is behind the discovery