SecneurX Analysis Mobile research team have discovered more mobile Apps that are distributed on the Google Play store infecting Android devices with a malware named “HiddenAds”.
Below mentioned Mobile personalization apps contain the HiddenAds malware. These malicious android apps can affect device performance or jeopardize users’ privacy.
SecneurX Analysis Mobile research team is constantly on the lookout for malicious applications in Google PlayStore. The malicious applications that we identify, and it's associated IOC's, are reported to The Google Play and Android Security Team for the malicious app removal.
We noticed that, at the time of analysis, these applications are very popular and had over 600,000+ cumulative downloads. These apps when installed from play store, changes its icon to any system related icon thus hiding themselves to prevent users from noticing and deleting apps.They change the app name to ‘Google Play’ or ‘Setting’. Its presence on a system endangers device and user safety.
It is learnt that most malicious apps that are part of the HiddenAds family have advertising-supported software (adware) functionalities. In other words, The device will be bombarded with advertisements in a variety of deceptive ways severely impairing the user experience. Due to this, the device performance reduces drastically. Clicking on the advertisements may result in stealth downloads/installation of other malware. Users may inadvertently subscribe to services and be billed monthly, and the privacy of users will be jeopardised.
We strongly advise researching software before download/installation and/or purchase, e.g., by checking the developer's reputation, looking through reviews, reading terms and privacy policies, taking note of required permissions, etc. It is just as important to always download from official and verified sources.
IoC’s
circlepieces[.]us
SHA256 of APK
45ecb623ed4ef0339b79d709b1efb6e699ca765ee82d315cf2f8cba9ea24dbf7
a89909d5f3a782178331c9961ecc0cbcc42fd3985bf0dced61d7244a9d56e55f
dfcb720dacc0f758e52795f4efbd2da2028bef99b7661d0532a330629c81f200
966781b7ba3940a40c25dd1580e794c64966682290429c53c692980b95fa1764
151d79d43dd004f51f3d9310dc9b88cb103acf0ba547966357a18844624ddefd
5e51e10175bd04e4008f29e2a3860c5eeb5f61310bd6be1f05e1630dd43e82c8
2ae42f3a497daa497480799dc77becb902f3b47b705cd4c8ecbbc120a1dce94a
f984fb5c21425092df4b8df8ada78e1a29e9718887d48ca945e481e97be41e92
7c86864486879ab408b78c399e7254c699e4c7f55e3a88d5300811d8c5b7d73e
5d8966da69b6ce221f8215cd1ce8c7b65dfd2cba413a657d89fa50aa08ae6d11
f9fdc7ed01d112d43b98fba0882704778af1241e3ba6739d276027c42c3a06a9
4d4c0929cd78df2807808f225583203aa12f1b253a5dd34320d41fd05f920658
42cad0c140c15ec66aab4c140085413cd47757c02b0273d1448b76f0a2f5b6b0
bb08f1af94054c2d8195c8d4347a00dfd780406a37364b9a588b825729c50d5d
Package Names
com.mycallcallpersonalization.app
com.xphonecallwallpaper.app
com.worldcup22wallpapers.app
com.xchangeicondesign.app
com.xcallcustomcallscreen.app
Comentarios