Skip to Content

These 15 malicious apps hide on your phone, filling it with pop-up ads

This is one scavenger hunt no one wants to go on. Malicious apps downloaded from the Google Play Store may be hiding in your Android phone, but you have to find them before you can delete them. This is the latest malware attack on Androids. 1.3 million devices have at least one malicious app, leading many to distrust the Google Play Store.

Certain android apps are not to be trusted. Click or tap here to learn how to tell what apps are safe and which ones aren’t. It can be hard to identify which apps are real, which is why it’s not easy finding the 15 apps in question.

To make matters worse, the malicious apps burrow themselves deeply into your phone and hide. Soon your phone is filled with annoying pop-up ads and you’re left trying to find the one responsible for the problem. While it’s not easy, there is a way to find and remove them.

Tricky apps seem to disappear

Cybersecurity firm SophosLabs recently discovered the 15 malicious apps on Google’s Play Store. The apps generate a large number of ads, then hide their app icons so it’s harder for you to find and remove them.

Several of the apps also disguise themselves in the phone’s App settings page. For example, the app free.calls.messages (Free Calls & Messages) uses some dark cyber wizardry to stop users from uninstalling the app.


Related: Check your phone! Android games and photo apps hiding invasive adware.


Here’s how they do it: When the app is first launched, it displays a message that says, “This app is incompatible with your device!” Then the app hides its own icon so it doesn’t show up in the launcher’s app tray. Some make this move on the first launch, while others wait for a while after you install the app.

Image courtesy of SophosLabs.

SophosLabs also found that nine of the 15 apps used a bait-and-switch technique. They used one name and icon for the application that can be seen on the phone’s Apps settings page. They then used a different name and icon for the operation that’s actually running the app, which disappears after the app launches.

The bad actors do this so the visible name and icon trick users into thinking there is nothing wrong with the app.

Image courtesy of SophosLabs.

Finding the malicious apps and removing them

There are several occasions apps have been called out as malicious in the Google Play Store. Unfortunately, even “safe” apps can be siphoning your information without your permission. Tap or click here to learn which apps collect your data, even after you tell them not to. As for the sneaky apps that were most recently released, tracking them down might not be as simple.

The apps advertised themselves as utility apps, image editors, a phone finder and, most audaciously, a utility to scrub your phone of private data. The apps continued their subterfuge by disguising themselves using a name that seems like a harmless app, such as Google Play Store, Update or Time Zone Service. These names appear only in the phone’s settings.

Here’s an illustration from Sophos, showing what the 15 malicious apps looked like on Google Play:

Image courtesy of SophosLabs.

SophosLabs notified Google about the apps in July and the company believes they have been taken down. These apps are detected by Sophos Mobile Security as Andr/Hiddad-AB and Andr/Hiddad-AC. The Sophos Mobile Security for Android is free to download.

Whenever malware comes knocking, it’s always a good time to backup your data. Use iDrive to backup your data now and save 50% on 2 TB of cloud backup. That’s less than $35 for the first year.

Ask me your digital question!

Navigating the digital world can be intimidating and sometimes downright daunting. Let me help! Reach out today to ask your digital question. You might even be on my show!

Ask Me