85 Sneaky Adware Apps Racked Up 8 Million Cumulative Downloads From Google Play

play store app
It seems as though every few weeks that we hear about a new Android malware or adware scheme that has invaded the Google Play Store. Unfortunately, we today have to report on yet another adware scheme that was uncovered by the security gurus over at Trend Micro. 

The adware has been identified as AndroidOS_Hidenad.HRXH, and it was preloaded on 85 apps found in Google Play. According to the security researchers, the adware was primarily disguised as either a photography or gaming app. What's most alarming, however, is that these 85 apps were cumulatively downloaded over 8 million times by unsuspecting Android users. 

adware trend micro
A small sample of the adware apps on Google Play.

According to Trend Micro, after users installed the infected apps, an internal "time bomb" of sorts would sit dormant for 30 minutes, after which it would it would then hide its app icon. From there, it would create a shortcut on the home screen and then embark on its malicious campaign of bombarding users with ads. The ads would display full screen, meaning that the user's device is for all intents and purposes unusable.

"Users are forced to view the whole duration of the ad before being able to close it or go back to app itself," wrote Ecular Xu, Trend Micro Mobile Threat Response Engineer. "Moreover, the frequency of ads being displayed can be remotely configured by the fraudster (the default is five minutes), so it could exacerbate the nuisance for users."

On the positive side, once Trend Micro contacted Google to alert them to the presence of these apps, the company quickly responded and removed them. However, the fact that these adware and malware apps keep finding their way into Google Play in the first place should raise alarm bells in Mountain View on the mitigations that it has in place to prevent such widespread "infections" from taking place.