Andr/HiddnAd-AJ

Original Issue Date:- March 26, 2018
Virus Type:- Trojan/Ransomware
Severity:- High

There have been reports of a new malware family that has infiltrated the Google Play Store. It disguises itself as various utility applications such as QR code readers and compass applications. It has been dubbed Andr/HiddnAd-AJ. This malware mainly pushes ads onto the user's device.

When the app is opened for the first time, it connects to a command and control (CnC) server owned by the attacker to receive its configuration. This configuration includes the list of ad URLs, the list of notifications to be shown to the user, the Google Ad Unit ID and the wait time before the malware connects to the CnC server again. This allows the attacker to remotely change the behaviour of the malware without having to update the application.
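The remote-configuration loop described above leaves a recognisable footprint: the same app polls the same host at a fixed, attacker-chosen interval. The following added detection heuristic (not part of this advisory) flags such regular polling in per-app connection logs; it assumes a log of "timestamp package host" lines, such as a device-side firewall or proxy might produce, and all package names and hosts below are constructed sample values.

```python
"""Flag apps that contact one host on a near-constant schedule (constructed sample data)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: one "timestamp package destination_host" per line.
# The first app polls its host every 30 minutes (a configured wait time);
# the second talks to its backend at irregular, user-driven moments.
SAMPLE_LOG = """\
2018-03-20T09:00:00 com.example.qrreader cfg.example-ads.test
2018-03-20T09:30:00 com.example.qrreader cfg.example-ads.test
2018-03-20T10:00:00 com.example.qrreader cfg.example-ads.test
2018-03-20T10:30:00 com.example.qrreader cfg.example-ads.test
2018-03-20T11:00:00 com.example.qrreader cfg.example-ads.test
2018-03-20T09:05:00 com.example.weather api.weather.test
2018-03-20T09:07:00 com.example.weather api.weather.test
2018-03-20T09:41:00 com.example.weather api.weather.test
2018-03-20T12:02:00 com.example.weather api.weather.test
"""


def parse_log(text):
    """Group connection timestamps by (package, host)."""
    seen = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pkg, host = line.split()
        seen[(pkg, host)].append(datetime.fromisoformat(ts))
    return seen


def find_beacons(text, min_hits=4, max_jitter=0.1):
    """Return (package, host, mean_interval_seconds) for every app/host pair
    whose connection gaps vary by at most max_jitter of their mean."""
    findings = []
    for (pkg, host), times in parse_log(text).items():
        times.sort()
        if len(times) < min_hits:
            continue  # too few samples to call it a schedule
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low relative spread of the gaps means a fixed polling interval.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((pkg, host, avg))
    return findings


if __name__ == "__main__":
    for pkg, host, interval in find_beacons(SAMPLE_LOG):
        print(f"{pkg} polls {host} every {interval / 60:.0f} min")
```

A hit only says the app polls on a schedule; legitimate sync jobs do too, so treat it as a lead to correlate with the ad and notification behaviour described in this advisory rather than as proof of infection.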

The malware begins its malicious activity only a few hours after installation. Once activated, it starts pushing full-screen ads and opens various advertisement web pages. It also pushes a large number of notifications containing advertisement links, even when the application itself is not running.

Even though the malicious applications have been removed from the Play Store, there could be more such applications lurking around. It is advisable to stay alert and follow these recommendations:

Recommendations:

  • Even though the malware is being spread through the Google Play Store itself, it is advisable to stick to verified application stores, as they are still much safer than untrusted sources.
  • Do not download and install applications from untrusted sources (offered via unknown websites or links in unsolicited messages). Install applications only from reputed application markets.
  • Install and maintain an updated antivirus solution on Android devices. Scan the suspected device with antivirus solutions to detect and clean infections.
  • Prior to downloading / installing apps on Android devices (even from the Google Play Store):
    • Always review the app details, number of downloads, user reviews, comments and "ADDITIONAL INFORMATION" section.
    • Verify app permissions and grant only those permissions which have relevant context for the app's purpose.
  • In settings, do not enable installation of apps from "Untrusted Sources".
  • Exercise caution when clicking links, whether on trusted or untrusted sites.
  • Refer to security best practices for mobile phone users: http://www.cyberswachhtakendra.gov.in/documents/Mobile_phone_Security.pdf
  • Install Android updates and patches as and when available from Android device vendors.
  • Enable 2-factor authentication for your Google/other accounts.
  • Use the device encryption or external SD card encryption feature available in most versions of the Android OS.
  • Avoid using unsecured, unknown Wi-Fi networks. Rogue Wi-Fi access points in public places may be used to distribute malicious applications.