"Doctor Web": scammers are spreading Android malware with the help of Instagram

Antivirus company "Doctor Web" reports that its experts have discovered a large number of Trojans of the Android.HiddenAds family on Google Play. These Trojans are designed to display intrusive ads. Since the beginning of February nearly 40 new modifications of these malicious applications have been identified, and they have been downloaded by about 10 million users. Scammers spread some of these Trojans through Instagram and YouTube. Advertising on popular social networks and Internet services with audiences of millions significantly increases the number of potential victims who may install the dangerous programs.

In February security researchers found 39 new versions of Trojans of the Android.HiddenAds family on Google Play. They were hidden in useful and harmless programs: photography applications, image and video editors, collections of desktop wallpapers, system utilities, games and other software. In total, at least 9 940 305 users installed them. "Doctor Web" has informed Google about the Trojans; however, at the time this news was published some of them were still available for download.

The main function of the malicious Android.HiddenAds applications is to show ads. They constantly display windows with banners and video ads that cover the windows of other programs and the system interface, interfering with normal use of infected devices. Here is an example of such advertising.

Because the Trojans show banners almost continuously, the attackers quickly recoup what they spend on promoting their creations through popular online services.

To stay on smartphones and tablets as long as possible, Android.HiddenAds Trojans hide their icon from the list of applications on the home screen. After that they can no longer be launched, and they become harder to find and remove. In addition, over time some users may forget which programs they have installed, which further increases the "survival rate" of the Trojans.

Nearly all members of the Android.HiddenAds family revealed in February also hide their own icon, but in its place they put shortcuts for launching themselves. Most likely, the authors of the Trojans were trying to avert suspicion while reducing the risk of removal. Unlike icons on the home screen, shortcuts do not allow an application to be removed via the context menu. As a result, if an inexperienced user suspects something and tries to delete the Trojan via its icon, only the shortcut disappears, while the Trojan remains on the device, continues to work covertly and keeps bringing money to the attackers.
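The icon hiding described above suggests a simple device audit: list user-installed packages that own no launcher entry and review them in the system settings. The Python below is an added example, not Doctor Web's code; the package names, both sample listings, the allowlist and the one-component-per-line "package/activity" input format are constructed or assumed, and collecting the launcher list from a device is not shown.

```python
# Added example: flag user-installed packages that have no launcher entry.
# All package names and both sample listings below are constructed.

# Lines in the style printed by `pm list packages -3` (user-installed apps).
SAMPLE_USER_PACKAGES = """\
package:com.example.photoeditor
package:com.example.wallpapers
package:com.example.notes
package:com.example.keyboard
"""

# One launcher component per line, "package/activity" (assumed input format).
SAMPLE_LAUNCHER_COMPONENTS = """\
com.example.notes/.MainActivity
com.android.settings/.Settings
"""

# Hypothetical allowlist: apps expected to have no icon (e.g. input methods).
EXPECTED_ICONLESS = {"com.example.keyboard"}


def parse_packages(listing):
    """Return package names from 'package:<name>' lines."""
    names = set()
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            names.add(line[len("package:"):])
    return names


def parse_launcher_packages(listing):
    """Return the packages that own at least one launcher component."""
    owners = set()
    for line in listing.splitlines():
        line = line.strip()
        if "/" in line:
            owners.add(line.split("/", 1)[0])
    return owners


def iconless_user_apps(user_listing, launcher_listing, allow=frozenset()):
    """User-installed packages with no launcher icon, minus the allowlist."""
    installed = parse_packages(user_listing)
    visible = parse_launcher_packages(launcher_listing)
    return sorted(installed - visible - set(allow))


if __name__ == "__main__":
    for pkg in iconless_user_apps(SAMPLE_USER_PACKAGES,
                                  SAMPLE_LAUNCHER_COMPONENTS,
                                  EXPECTED_ICONLESS):
        print("review:", pkg)
```

A hit is only a candidate for review, since some legitimate apps also ship without an icon; removal is done from the system's application settings, not from a shortcut.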

Owners of Android smartphones and tablets install many of these malicious applications after seeing advertisements on Instagram and YouTube, in which the cybercriminals promise functional and powerful tools for processing photos and videos. At first glance the Trojans fit the description and do not arouse the suspicion of potential victims. In reality, apart from one or a few basic functions, they contain nothing of what was promised in the ads.