Watch out for hidden malware in advertisements


ADVERTISEMENTS we see on smartphones and computers today are filled with malware, which can generate revenue for its creator the longer it remains on a device, according to Sophos Group plc.

In its latest 2020 threat report, the UK-based security software company highlighted “Hiddad”, a malware family with the primary aim of monetisation through aggressive advertising.

Hiddad survives by making itself hard to find on one’s device. It conceals itself in order to avoid uninstallation attempts.

“The malware also hides the app’s icon in the app tray and launcher, and is often coupled with additional layers of deception, such as creating a shortcut that does not uninstall the app.

“Hiddad malware may also give itself innocuous names and generic icons in the phone’s settings,” Sophos said.

The malware typically takes the form of a legitimate app, such as a quick response code reader or an image editing app.

“Its authors often make it available on public app stores in order to quickly infect large numbers of devices, thereby quickly increasing the app maker’s ad revenue,” the security software firm said.

Some Hiddad apps repeatedly prompt users for a high review rating, or to instal additional Hiddad apps, to “dramatically increase its popularity and instal count” within a very short amount of time.

Numerous apps riddled with Hiddad malware have been discovered over the past year, according to the firm.

“In September 2019 alone, Google Play has discovered at least 57 Hiddad apps that had a total instal count of about 15 million unique installations,” Sophos added.

Malware advertising, also known as malvertising, has been making headlines for several years now.

Organisations from Spotify to The New York Times have all been victims of malvertising, as it can be easily spread across a large number of legitimate websites without directly compromising the websites.

Most of the time, malvertisements will be submitted through legitimate ad agencies, with the hope that the suspicious redirect will slip by unnoticed, said cyber analytics company ExtraHop Networks.

By infiltrating extremely popular and respected sites such as eBay and Yahoo, malvertisements can reach a much larger audience.

“While some traditional viruses have to be invited with a click, malvertisement requires no action from people as it only needs to load on the page you’re viewing before infecting the whole computer.

“The threat has also grown exponentially over the past decade, increasing by over 300% in some single years alone,” ExtraHop Networks said.

Sophos Security Labs also claims it has discovered a new set of such apps every few weeks.

Many of these apps managed to garner more than a million downloads within a few weeks of appearing on the Google Play Store, Sophos said in its report.

With a low-risk monetisation mechanism aimed at generating a constant stream of payouts for its authors, Hiddad is a threat to be on alert for in the coming year.

While we are aware that the threat is real, there are many things that Internet users can do to avoid becoming a victim of malvertising.

Normal users should consistently keep their programmes updated. Installing an ad blocker to ensure users don’t have the vulnerabilities that attract hackers and scammers is also wise.

Meanwhile, webpage owners are advised to work with reputable advertising companies, as they will conduct frequent check-ups on the ads being run on the owners’ sites.