
Hiddad

Posted: October 11, 2019

Hiddad is adware that works exclusively on Android devices. Over 40% of the reported infections are from the Russian Federation, but the adware also shows significant activity in India, the USA, Ukraine, Germany, Indonesia and other regions. The purpose of Hiddad is simple: to display advertisements to the user and to use social engineering techniques that make the user more likely to click on them. This may generate significant profits for Hiddad's operators, especially if they manage to reach a large number of devices.

Hiddad Spreads via Bogus Google Play Store Applications

The Hiddad adware may be spread via bogus applications hosted on the Google Play Store. Some of the names that the Hiddad adware has hidden under are 'Tube Mate,' 'Snap Tube,' and 'Music Mania.' All of these have been removed from the Google Play Store at the time of writing this post, but it is certain that the authors of Hiddad are still spreading it under different application names.

Users who opt to install one of the applications bearing Hiddad's payload may not notice anything out of the ordinary at first – the applications promise great features such as disabling YouTube advertisements, enhancing YouTube's features, or providing free music streaming services. However, as soon as the application is installed, it raises the first red flag – it demands a lot of device permissions that most applications would not need. Furthermore, it installs a third-party application called 'plugin android' (a bogus name) and prompts the user to give it device administrator privileges. If the user authorizes this, then the Hiddad adware may be free to plant its files in a system folder and make their removal much more difficult than it should be.
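The two red flags described above, a long permission list and a device administrator request, can be checked from an application's manifest before it is installed. The following is an added example, not part of the original post; it assumes the manifest has already been decoded to plain XML (for example with apktool), and the sample manifest, package name and permission threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"
PERMISSION_THRESHOLD = 8  # assumed cut-off for "a lot of permissions"; tune it

# Constructed sample input: decoded manifest of a hypothetical app.
_PERMS = ["INTERNET", "READ_CONTACTS", "READ_SMS", "SEND_SMS", "CAMERA",
          "RECORD_AUDIO", "ACCESS_FINE_LOCATION", "READ_PHONE_STATE",
          "GET_ACCOUNTS", "RECEIVE_BOOT_COMPLETED"]
SAMPLE_MANIFEST = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
    ' package="com.example.videohelper">'
    + "".join(f'<uses-permission android:name="android.permission.{p}"/>'
              for p in _PERMS)
    + '<application><receiver android:name=".AdminReceiver"'
    f' android:permission="{ADMIN_PERMISSION}"><intent-filter>'
    f'<action android:name="{ADMIN_ACTION}"/></intent-filter></receiver>'
    '</application></manifest>'
)


def triage_manifest(manifest_xml):
    """Report the permission count and any device-admin receivers declared."""
    root = ET.fromstring(manifest_xml)
    perms = sorted({e.get(ANDROID_NS + "name")
                    for e in root.iter("uses-permission")} - {None})
    admin_receivers = []
    for rcv in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in rcv.iter("action")}
        # A device-admin receiver is guarded by BIND_DEVICE_ADMIN and
        # listens for the DEVICE_ADMIN_ENABLED broadcast.
        if (rcv.get(ANDROID_NS + "permission") == ADMIN_PERMISSION
                and ADMIN_ACTION in actions):
            admin_receivers.append(rcv.get(ANDROID_NS + "name") or "<unnamed>")
    findings = []
    if admin_receivers:
        findings.append("declares device administrator receiver: "
                        + ", ".join(admin_receivers))
    if len(perms) > PERMISSION_THRESHOLD:
        findings.append(f"requests {len(perms)} permissions")
    return {"package": root.get("package"), "permissions": perms,
            "admin_receivers": admin_receivers, "findings": findings}


if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST)["findings"]:
        print(finding)
```
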

Hiddad's Operators Use an Interesting Trick to Farm Positive Ratings

After it successfully gains persistence, the Hiddad adware displays an unremovable prompt that asks the user to give the application a 5-star rating on the Google Play Store – the only way to eliminate the overlay is to give in to the adware's demands. This explains why the majority of the applications used to hide Hiddad have an excellent 5-star rating on the Google Play Store. The technique that the adware's operators use for farming positive ratings is one of the reasons why you should always check application reviews instead of focusing on their overall rating.

By having Google Play Store pages with an excellent rating, the authors of Hiddad ensure that their adware will reach many more devices. Even if the user gives the application a 5-star rating, the advertisements will not disappear – Hiddad will continue to bombard them with in-application and in-browser advertisements, as well as marketing content delivered via the notification area. Needless to say, this behavior is extremely intrusive, and the Hiddad adware's removal should be the top priority of its victims.

Dealing with the issue requires the use of a reputable anti-virus product that can revoke Hiddad's administrative privileges and then successfully eradicate its files.
