When Trend Micro reports something new. We listen. The last one we featured here was back in February when some beauty camera apps were found to be malicious. They were already deleted from the Google Play Store so that’s good news. Before that, there were the Anubis-related malware apps, as well as, some game/TV/remote control apps working as adware in disguise. For everyday phone users, adware is most annoying because ads are just everywhere. Who wants a device filled with ads? Nobody.
The latest report of the cybersecurity firm includes information about a new adware only known as AndroidOS_Hidenad.HRXH. A number of apps were listed on the Google Play Store that couldn’t be easily detected by the adware can evade detection. It’s possible through time-based triggers and user behavior.
Most of the apps in questions are gaming and photography apps. There are about 85 of them and when all downloads are combined, they reach to over eight million. Trend Micro has reported the findinsg to Google. The latter responded right away by immediately deleting those adware apps.
We find it interesting how the adware works. It first checks user presence or behavior. An app is launched and then records two timestamps–current time and network time (installTime and networkInstallTime). It then registers a Broadcast Receiver for android.intent.action.USER_PRESENT. What the adware just waits for is when the device is unlocked so it could then execute what it needs to execute. It checks if the app has been installed for over 30 minutes before it will hide the icon and make a shortcut on the home screen so it can’t be easily uninstalled.
Once the app-adware is installed, ads will soon be shown on the screen. What’s most annoying about this adware is that ads are shown in full screen. That’s too much. A notification-sized ad may be acceptable but not full screen.
Trend Micro suggests an app must be disallowed to create a shortcut. This way, uninstalling an app will be possible. Feel free to also get the Trend Micro Mobile Security for Android to block all malicious app.