Nigerian Communications Commission warns of Google Play mimicking ‘HiddenAds’ malware

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has reported a new malware, HiddenAds, that has infiltrated the Google Play Store and may affect device performance and compromise user privacy.

In its August 8, 2022 advisory, NCC-CSIRT classified the virus, first identified by the McAfee Mobile Research Team, as highly probable and with high potential for damage.

The malware entered the Google Play Store in the form of several device cleaners or optimization apps.

For anyone who installs the compromised app, device performance will suffer significantly, clicking on the ads may lead to stealthy downloads/installation of other malware, users may inadvertently subscribe to services and be billed monthly, and users’ privacy will be at risk.

What you say

According to the summary provided by NCC-CSIRT “Once installed, it can run malicious services without user opening the app. It also spams the user with irrelevant ads. The apps have been downloaded between 100,000 and over a million times.”

News will continue after this ad




“Some of HiddenAds’ apps masquerade as: Junk Cleaner, EasyCleaner, Power Doctor, Carpet Clean, Super Clean, Meteor Clean, Strong Clean, Windy Clean, Fingertip Cleaner, Keep Clean, Full Clean – Clean Cache, Quick Cleaner, and Cool Clean .

“When a user installs any of the above apps, regardless of whether the user has the app open or not, a malicious service is immediately installed on the device. The app then attempts to blend into the app tray by changing its icon to the Google Play icon that every Android user is familiar with. Its name will also change to “Google Play” or “Setting”. The device is then bombarded with advertisements in various deceptive ways which severely degrades user experience“It says in the consultation.

News will continue after this ad


NCC-CSIRT advised users to avoid downloading questionable apps or apps they are unsure about; while those who have installed any of the identified malicious apps should delete them immediately.

It was further disclosed that where the malicious app’s icon and name have changed, this can be identified by the fact that it is removable, while the legitimate Google Play app cannot be uninstalled.

The advisory recommended installing anti-virus/anti-malware software with a proven track record of detecting and removing malware.

The Computer Security Incident Response Team (CSIRT) is the Telecoms Cyber ​​Security Incident Center established by the NCC to focus on incidents in the Telecoms sector and because they can affect Telecoms consumers and citizens at large.

Leave a Reply

Your email address will not be published.