Android "Auto-Start" malware infects millions of people - remove these apps now

Related Stories

A new strain of malware capable of launching after downloading one of the affected apps has been discovered in the Google Play Store thanks to investigations by cybersecurity firm McAfee.

Unlike other rogue apps that need to be opened first, apps with Hidden Ads malware start running malicious services automatically after installation. They also constantly deliver advertisements on the victim's Android smartphone and are quite difficult to remove once installed.

According to a blog post by McAfee's Mobile Research Team, most apps that contain this new malware are disguised as cleaner apps that clean out junk files or help optimize battery life on Android devices.

Remove these apps immediately. 

Below is a list of all 13 apps that contain Hidden Ads malware, along with the number of times they have been downloaded from the Play Store:

• Junk Cleaner - 1M+
• EasyCleaner - 100K+
• Power Doctor - 500K+
• Super Clean - 500K+
• Full Clean -Clean Cache - 1M+
• Fingertip Cleaner - 500K+
• Quick Cleaner - 1M+
• Keep Clean - 1M+
• Windy Clean - 500K+
• Carpet Clean - 100K+
• Cool Clean - 500K+
• Strong Clean - 500K+
• Meteor Clean - 100K+

Despite the fact that they contained malicious software, all these applications managed to pass the defense of Google and land in the Play Store. Fortunately, McAfee shared his results with the research giant, and they have all been deleted since then. However, you should manually delete your Android smartphone.

Although downloading and installing an application without opening is generally safe, this is not the case in this case. When you install these applications on your devices, automatically start hiddenads malware and start working in the background. 

At the same time, these malicious apps are able to hide themselves to prevent users from noticing and deleting them. For example, they change their icon to a Google Play icon that users are familiar with and change their name to "Google Play" or "Settings" to go undetected.

Malicious services run by these apps show advertisements to victims in several ways. However, all of these ads are full screen and very intrusive. HiddenAds malware apps also try to get users to run an app when they install, uninstall, or update any other app on their devices.
In fact, the cybercriminals behind the HiddenAds campaign have turned to Facebook to promote their new malware.

As all these apps escaped Google's defenses and ended up on the Play Store, their creators were able to create Facebook pages for each app and promote them on the social network. This is because Facebook does not consider Play Store URLs to be malicious, even if those links lead to apps that contain malware.

Cybercriminals often use free services to lure victims to their malware, and anyone can create their own Facebook business account and business page.

How to protect yourself from HiddenAds malware

The first thing you should do is check the list above and make sure you don't have any of these apps installed on your smartphone or Android tablet. From here, you should uninstall them and consider using one of the best Android antivirus apps on your phone to remove any malware left behind.

You should also ensure that Google Play Protect is enabled on your devices, as it constantly scans the apps installed on your smartphone for malware and warns you when you are about to install a suspicious app.

While you shouldn't install apps from unknown sources, despite Google's best efforts, malware can and does end up in the Play Store. Because of this, you should stick to apps from well-known brands with good reviews and high installation counts. If an app is from an unknown developer, that might be fine, although it might be malicious.

According to McAfee, since the HiddenAds malware is still in development and the cybercriminals behind it are developing new variants, we might see more rogue apps using it in the future.