Even though adware is hidden by design, there are still steps you can take to protect yourself
This time, the apps in question are 21 gaming apps that come packed with hidden adware that is part of the HiddenAds family. According to SensorTower, a mobile apps marketing intelligence and insights company, the apps have been downloaded approximately eight million times thus far.
“Developers of adware are increasingly using social media channels, like regular marketers would,” Jakub Vávra, Threat Analyst at Avast, says. “This time, users reported they were targeted with ads promoting the games on YouTube. In September, we saw adware spread via TikTok. The popularity of these social networks make them an attractive advertising platform, also for cybercriminals, to target a younger audience,”
The HiddenAds malware disguises itself like a fun or useful application — in this instance, games that promise to virtually “let your car fly across the road, trees, hills,” to shoot criminals from a helicopter, or virtually iron their clothes — but actually exist to serve up intrusive ads outside the app. They also frequently hide their icons, so they can’t be deleted, and hide behind relevant-looking advertisements, making them hard to identify.
“While Google is doing everything possible to prevent HiddenAds from entering its Play Store, the malicious apps keep finding new ways to disguise their true purpose, thus slipping through to the platform and then to users’ phones,” Vávra says. “Users need to be vigilant when downloading applications to their phones and are advised to check the applications’ profile, reviews and to be mindful of extensive device permission requests.”
While adware is hidden by design, there are steps each person can take to protect themselves and their families.
Really read the reviews
If an app is a scam, then other users have likely already noticed and left bad reviews. So take a look and pay particular attention to any bad ones.
And with the last round of HiddenAd apps, the Avast team “noticed the app developers have more apps, with very low downloads and reviews, but the handful of reviews they have are extremely positive and enthusiastic, which can also be a sign that something is suspicious,” Vávra says.
Ask yourself: Why does it cost that much?
Basic rule of thumb: If the price point seems weirdly high for what you’re getting, it’s probably a scam.
“Many of these apps offer basic or unrealistic features, like simple games that claim to shock players, or wallpapers for around $8, a high amount considering games and features like this are often offered for free by other developers,” says Vávra.
You know how apps as for a bunch of permissions — including access to your camera, files, location, etc. — when you first use them? That’s because they need those permissions in order to deliver whatever service they’re promising. So, for example, Instagram needs access to your camera, so you can take photos on the app.
Unfortunately, a classic way that bad actors gain access to our devices is by asking for permissions they don’t need. It’s against both Google and Apple’s rules, but some still sneak through, as we can see in this case.
So rather than just tapping “Allow,” the next time a new app asks for certain permissions, take a minute to think about whether or not it really needs that access. Does a weather app need to access your microphone? Nope. Does a wallpaper app need to access your storage? Nope. That’s a sign the app is likely a scam.
Talk about download safety
These scammers purposefully target places that young people hang out — like YouTube and TikTok — because younger people are generally good targets for this type of scam. That means talking to your kids about download safety is essential.
Educate yourself on the signs of scam apps and then share that info with your kids. You might even want to consider putting a rule in place that your kids get permission before downloading anything — to not only avoid scams but also to, “avoid potential unnecessary costs,” Vávra says.