Android adware apps on Google Play amass two million installs


Several malicious Google Play Android apps installed over 2 million times push intrusive ads to users while concealing their presence on the infected devices.

In their latest monthly mobile threat report, Doctor Web’s analysts identified trojans on Google Play associated with the ‘FakeApp,’ ‘Joker,’ and the ‘HiddenAds’ malware families.

Of particular interest are the following four adware (HiddenAds) apps disguised as games:

  • Super Skibydi Killer – 1,000,000 downloads
  • Agent Shooter – 500,000 downloads
  • Rainbow Stretch – 50,000 downloads
  • Rubber Punch 3D – 500,000 downloads
HiddenAds game app on Google Play
HiddenAds game app on Google Play (Dr. Web)

Dr. Web explains that once victims install these apps on their devices, they hide by replacing their icons with that of Google Chrome or using a transparent icon image to create empty space in the app drawer.

These apps run stealthily in the background upon launch, abusing the browser to launch ads and generate revenue for their operators.

The analysts also discovered several apps belonging to the FakeApp family, which direct users to investment scam sites.

In other cases, Dr. Web spotted game apps that loaded dubious online casino websites in violation of Google Play policies. 

Some notable examples of those are:

  • Eternal Maze (Yana Pospyelova) – 50,000 downloads
  • Jungle Jewels (Vaibhav Wable) – 10,000 downloads
  • Stellar Secrets (Pepperstocks) – 10,000 downloads
  • Fire Fruits (Sandr Sevill) – 10,000 downloads
  • Cowboy’s Frontier (Precipice Game Studios) – 10,000 downloads
  • Enchanted Elixir (Acomadyi) – 10,000 downloads
Fake app leading users to casino sites
Fake app taking users to casino sites (Dr. Web)

Finally, the antivirus team spotted two Joker family apps on Google Play, which subscribe users to premium paid services:

  • Love Emoji Messenger (Korsinka Vimoipan) – 50,000 downloads
  • Beauty Wallpaper HD (fm0989184) – 1,000 downloads

All the apps presented in this report have been removed from Google Play by the time of writing. 

Still, users who might have installed them in the past must delete them immediately and perform a complete device scan using Play Protect and a mobile antivirus tool.

Dr. Web has also published a list of hashes for all malicious Android apps its analysts discovered last month on GitHub.

To avoid downloading malicious software from Google Play, minimize the apps you install to the minimum required, carefully read user reviews, and perform checks to ensure the publisher is trustworthy.