The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has identified HiddenAds, a new malware that has infiltrated Google Play Store and can impact device performance as well as users’ privacy, Charmingpro reportsÂ
NCC-CSIRT classified the virus, first identified by the McAfee Mobile Research Team, as high in probability and damage potential in its August 8, 2022 advisory.
The malware infiltrated the Google Play Store as a number of device cleaners or optimization apps.
According to the NCC-CSIRT summary, “Upon installation, it can run malicious services without the user opening the app.” Additionally, it bombards the user with irrelevant advertisements. The apps have received between 100,000 and over a million downloads.
“Junk Cleaner, EasyCleaner, Power Doctor, Carpet Clean, Super Clean, Meteor Clean, Strong Clean, Windy Clean, Fingertip Cleaner, Keep Clean, Full Clean – Clean Cache, Quick Cleaner, and Cool Clean are some of the apps HiddenAds masquerades as.”
“Whether the user has opened the app or not, when a user installs any of the aforementioned apps, a malicious service is immediately installed on the device.” The app will then try to blend into the app tray by changing its icon to the Google Play icon that every Android user recognizes. It will also be renamed ‘Google Play’ or ‘Settings’. The device will then be bombarded with advertisements in a variety of deceptive ways, severely impairing the user experience,” according to the advisory.
Anyone who installs the compromised app will notice a significant decrease in device performance, clicking on ads may result in stealth downloads/installation of other malware, users may inadvertently subscribe to services and be billed on a monthly basis, and users’ privacy will be jeopardized.
The NCC-CSIRT advised users to avoid downloading questionable or unknown apps, and those who have installed any of the identified malicious apps should delete them immediately.
It was also revealed that if the malicious app’s icon and name change, it can be identified by the fact that it is removable, whereas the legitimate Google Play app cannot be uninstalled.
The advisory suggested installing anti-virus/anti-malware software that has a track record of detecting and removing malware.
The NCC established the Computer Security Incident Response Team (CSIRT) as the telecom sector’s cyber security incident center to focus on incidents in the telecom sector that may affect telecom consumers and citizens at large.
The CSIRT also collaborates with the Federal Government’s Nigeria Computer Emergency Response Team (ngCERT) to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to prevent attacks, problems, or related events.
