Adware found in 21 Android apps with over 7 million downloads

Google removed 15 of 21 Android apps from the official Play Store over the weekend following a report by Czech antivirus maker Avast.

The security company said the apps were infected with a type of malware known as Hidden Ads.

Discovered in 2019, this strain of Android adware works by displaying excessive and intrusive advertisements and opening mobile browsers to advertisement or promotional pages.

In one report released todayAvast malware analyst Jakub Vávra says the apps imitate popular games and the criminal group behind the operation relies on social media ads and marketing to lure users in to their Play Store pages.

Once users installed one of these apps, the HiddenAds malware would hide the app’s icon (to prevent users from deleting the app in the future) and then start bombarding users with ads .

Play Store names and URLs of all 21 apps are available in this spreadsheet.


Six of the 21 apps are still available on the Play Store at the time of writing, such as: Shoot Them, Helicopter Shoot, Find 5 Differences – 2020 NEW, Rotate Shape, Cover art Find the Differences – Puzzle Game and Money Destroyer.

Avast said the apps were downloaded by more than seven million users before filing its report with Google last week.

Vávra said it’s easy to fall in love with these apps and install one on your phone, but there are patterns and freebies that can help users identify possibly malicious apps.

“Users should be vigilant when downloading apps to their phones and are advised to check app profile, reviews and be alert for numerous device permission requests,” Vávra said.

Additionally, since many of these apps (games) are aimed at children and usually advertised on social media, Avast’s malware analyst also encouraged parents to talk and teach their children about malware and online security.

Today’s Avast report is just the latest in a long line of apps from Google against malware operators that manage to get their malware past the Play Store’s defenses.

In recent months, Google has also taken down 17 Android apps caught in the act of WAP billing fraud, then another 64, then three morethen another 56 apps that were part of an ad fraud botnet, then over 240 apps that were serving out-of-context ads, then another 38 apps that were also serving out-of-context ads, and finally, Google disabled the accounts of six developers to download applications tainted with the Cerberus banking trojan.

Sam D. Gomez