The Computer Security Incident Response Team of the Nigerian Communications Commission(NCC) has identified the HiddenAds virus that has invaded Google Play Store (NCC-CSIRT). This malware can jeopardize users’ privacy and reduce device performance.
The malware was first identified by the McAfee Mobile Research Team, and as of August 8, 2022, NCC-advice CSIRT determined that it had a high probability of being successful and the potential to do significant damage.
There were several malware-infected device cleaners and optimizer apps discovered in the Google Play Store.
Users’ devices will perform considerably poorer after installing a compromised software, clicking on the advertisements could secretly download or install more malware, users could mistakenly subscribe to services and be paid on a monthly basis, and their privacy could be jeopardized.
According to the summary provided by NCC-CSIRT “Upon installation, it can run malicious services without the user opening the app. It also spams the user with irrelevant advertisements. The apps have received downloads ranging from 100,000 to over a million”.
“Some of the apps HiddenAds masquerades as: Junk Cleaner, EasyCleaner, Power Doctor, Carpet Clean, Super Clean, Meteor Clean, Strong Clean, Windy Clean, Fingertip Cleaner, Keep Clean, Full Clean – Clean Cache, Quick Cleaner, and Cool Clean.
“When a user installs any of the aforementioned apps, whether the user has opened the app or not, a malicious service is immediately installed on the device. The app will then attempt to blend into the app tray by changing its icon to the Google Play icon that every Android user is familiar with. Its name will also change to ‘Google Play’ or ‘Setting’. The device will then be bombarded with ads in a variety of deceptive ways, severely impairing the user experience,” the advisory stated.
Users were warned by NCC-CSIRT to stay away from installing dubious apps or programs they are skeptical of, and those who had already installed any of the harmful apps should remove them right away.
The malicious apps can be identified in cases where their names and icons have changed by the fact that they are removable, as opposed to the official Google Play apps, which are not.
The advise suggested setting up anti-virus/anti-malware software that has a track record of finding and getting rid of infections.
The NCC established the Computer Security Incident Response Team (CSIRT) as the telecom industry’s cyber security incident center to focus on problems in the telecom sector and as they may affect consumers of telecom services as well as the general public.