New Malware in Google Play Store Leads to Phishing Sites

Diving into details

• The Android apps are propagating the latest version of the HiddenAds malware.
• Researchers found that the apps wait for a few days to exhibit malicious behavior - a common technique to evade detection.
• Subsequently, they open phishing pages in the Chrome browser for information stealing. While some may be harmless, others include more clever schemes to lure unsuspecting users.

About HiddenAds

• Apart from running malicious activities right after installation, the malware would also hide and display ads to victims. 
• Mobile apps Group has previously been caught twice by Google Play Store for developing malicious apps. 
• All the apps have been laced with various versions of the HiddenAds malware. The latest version 4.6 was released on December 15, 2021 on the Play Store. 

Google Play infested with malicious apps

• Five malicious apps on the Google Play Store were found disseminating Vultur and SharkBot trojans. The apps had been downloaded 130,000 times.
• The Play Store had removed 16 apps propagating Clicker. The Android malware had infected over 20 million users. 
• In September, researchers found 75 apps on Google Play and 10 on Apple’s App Store conducting ad fraud. The applications have been downloaded 13 million times.

The bottom line