Hiddad is an Android malware variant focused on ad fraud. The mobile malware distributes unwanted advertisements to users to make money from advertisers.
Hiddad is installed by masquerading as a legitimate app in a third-party app store. Once installed, it displays ads to users and takes actions to make itself more difficult to remove, such as taking advantage of superuser permissions on an infected device.
Hiddad is an example of Android malware that acts like a trojan horse and focuses its efforts on ad fraud. It works by masquerading as legitimate and desirable applications available via third-party app stores. For example, Hiddad commonly masquerades as a YouTube downloader or as a Minecraft game. It has also been known to be distributed via Google Play as a fake update or via phishing and other methods.
The Hiddad app itself looks legitimate and requests no unusual permissions. However, another app named Plugin Android is installed with it, and this second app asks for administrator access to the system. That access allows the app to hide in the system folder, out of sight of antimalware scanners, and makes it much more difficult to remove.
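A triage check for the companion-app behaviour described above, as an added example that is not from the original page: it cross-references the text output of `adb shell pm list packages -i` with the enabled device admins in `adb shell dumpsys device_policy` and reports admin-holding packages that did not come from a trusted installer. It assumes "administrator access" means Android device-administrator rights; the package names, sample output and trusted-installer set are constructed, and the `dumpsys` layout varies across Android versions.

```python
import re

# Assumption: installers this organisation treats as trusted sources.
TRUSTED_INSTALLERS = {"com.android.vending"}
PKG_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
ADMIN_RE = re.compile(r"^\s+([A-Za-z0-9_.]+)/[\w.$]+:\s*$")

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -i` text."""
    matches = (PKG_RE.match(line.strip()) for line in pm_output.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def parse_admins(dumpsys_output):
    """Return packages listed under 'Enabled Device Admins'."""
    admins, depth = set(), None
    for line in dumpsys_output.splitlines():
        indent = len(line) - len(line.lstrip())
        if "Enabled Device Admins" in line:
            depth = indent                      # entered the admin section
        elif depth is not None and line.strip() and indent <= depth:
            depth = None                        # left the admin section
        elif depth is not None:
            m = ADMIN_RE.match(line)
            if m:
                admins.add(m.group(1))
    return admins

def suspicious_admins(pm_output, dumpsys_output, allowlist=()):
    """Device admins that are neither allowlisted nor from a trusted installer."""
    installers = parse_installers(pm_output)
    return [(pkg, installers.get(pkg, "unknown"))
            for pkg in sorted(parse_admins(dumpsys_output))
            if pkg not in allowlist
            and installers.get(pkg, "unknown") not in TRUSTED_INSTALLERS]

# Constructed sample data (hypothetical package names, not real indicators).
SAMPLE_PM = """\
package:com.google.android.gms  installer=com.android.vending
package:com.example.videodownloader  installer=com.example.thirdpartystore
package:com.example.plugin  installer=null
"""
SAMPLE_DUMPSYS = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10012
    com.example.plugin/.AdminReceiver:
      uid=10231
  mPasswordOwner=-1
"""

if __name__ == "__main__":
    for pkg, src in suspicious_admins(SAMPLE_PM, SAMPLE_DUMPSYS):
        print(f"review: {pkg} holds device admin, installer={src}")
```

A hit is a lead for review rather than a verdict: preinstalled apps also report `installer=null`, so pass the organisation's expected admin apps through `allowlist`.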
Once installed, the Hiddad app uses coercion to force users to leave 5-star ratings for the app. This includes locking the device screen until the user provides a 5-star rating in exchange for allegedly removing ads or adding premium features. These 5-star ratings increase the effectiveness of the malicious app because they make it look more legitimate and increase the probability that other Android users will download and install it.
As malvertising malware, Hiddad’s main focus is on serving ads to the user. This enables the malware operator to monetize their operation by getting money from the organizations whose ads they display.
The malware can also use other methods of making money for the operators. For example, users may be tricked into subscribing to premium services, which charge them. Additionally, the malware may collect social media details, which can be used in other attacks or sold on the Dark Web to other cybercriminals.
With the growth of bring your own device (BYOD) programs and the use of mobile devices for work, mobile malware like Hiddad poses an increased threat to corporate cybersecurity. Some of the ways that organizations can protect themselves and their employees against these types of malware include the following:
Hiddad’s primary focus is monetizing the attacker’s access through ad fraud, which is more of an annoyance than a threat to a user. However, its ability to steal social media credentials and the potential for other malicious functionality on an infected device mean that it can pose a significant risk to corporate cybersecurity.
Hiddad and other malware like it are among the many cybersecurity threats that companies face. Check out Check Point’s 2023 Cyber Security Report to learn more about the current cyber threat landscape.
Check Point offers endpoint protection for all of an organization’s devices, including mobile devices. Check Point Harmony Endpoint protects Android devices against Hiddad and other potential mobile malware threats. Learn how Harmony Endpoint enhances the security of an organization’s devices and remote work program by signing up for a free demo today.