General Explanation
Type: Adware
Degree of destruction: average
Prevalence: average
What is adware?
Adware is advertising malware that displays advertisements or multiple banners on your system and encourages you to buy products or use services. The authors of this type of malware add advertising code to notification services in order to show ads and earn more money. By publishing their applications on Android markets, they try to get more people to use them.
What is the HiddenApp malware family?
HiddenApp adware shows advertising notifications to the user from a notification service that runs in the background. If the user clicks on one of these notifications, malicious code runs on the phone without the user’s knowledge. This adware also tries to download other suspicious or infected applications onto the user’s phone.
Technical Explanation
This application is named “adult film +18” and is a member of the HiddenApp adware family, which shows ad notifications to users in the background. It also tries to download other infected or suspicious applications onto the user’s phone. When first launched, it shows a page from its infected server with the title “Night party clip” and a pornographic image. If the user clicks on it, the application exits automatically after a few seconds and the application icon is hidden. This technique is used to hide the application from the user’s sight. Analysis showed that this malware has a FireBaseHandler service that handles ad-related cases, and depending on the case one of the following actions occurs:
- Showing notifications
- Opening a specific website
- Opening a Telegram page: first, it checks whether the package name of the Telegram app, “org.telegram.messenger”, is in the list of applications installed on the user’s phone. If Telegram is installed, it refers the user to a specific page on Telegram and opens it.
- Opening an Instagram page: first, it checks whether the package name of the Instagram app, “Instagram. android”, is in the list of applications installed on the user’s phone. If Instagram is installed, it refers the user to a specific page on Instagram and opens it.
- Opening Soroush Plus: first, it checks whether the package name of the Soroush Plus app, “Mobi.mmdt.ottplus”, is in the list of applications installed on the user’s phone. If Soroush Plus is installed, it refers the user to a specific page on Soroush Plus and opens it.
- Opening Soroush: first, it checks whether the package name of the Soroush app, “Mobi.mmdt.ott”, is in the list of applications installed on the user’s phone. If Soroush is installed, it refers the user to a specific page on Soroush and opens it.
- Opening Rubika: first, it checks whether the package name of the Rubika app, “ir.resaneh1.iptv”, is in the list of applications installed on the user’s phone. If Rubika is installed, it refers the user to a specific page on Rubika and opens it.
- Opening iGap: first, it checks whether the package name of the iGap app, “net.iGap”, is in the list of applications installed on the user’s phone. If iGap is installed, it refers the user to a specific page on iGap and opens it.
- Opening Café Bazar: first, it checks whether the package name of the Café Bazar app, “com.farsitel.bazaar”, is in the list of applications installed on the user’s phone. If Café Bazar is installed, it refers the user to a specific page on Café Bazar and opens it.
- Opening myKet: first, it checks whether the package name of the myKet app, “ir.mservices.market”, is in the list of applications installed on the user’s phone. If myKet is installed, it refers the user to a specific page on myKet and opens it.
- Opening Google Play
- Opening a dialog
- Installing other applications: in this case, the application connects to its server to download the file and then looks for a folder named hidden app in the storage space. If the folder does not exist, it creates it, and after the download it stores the file in the hidden app folder.
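The checks listed above leave recognizable strings inside the APK. The following triage script is an added example, not code from the sample or from Padvish: it scans strings extracted from an APK for the FireBaseHandler name and for the package names listed above, matched as whole tokens. The threshold `MIN_PROBES` and both sample string lists are assumptions constructed for illustration.

```python
import re

# Package names the write-up says the FireBaseHandler service looks for among
# installed apps (lower-cased here; the Instagram entry is left out because
# its package name is incomplete on the page).
PROBED_PACKAGES = {
    "org.telegram.messenger", "mobi.mmdt.ottplus", "mobi.mmdt.ott",
    "ir.resaneh1.iptv", "net.igap", "com.farsitel.bazaar",
    "ir.mservices.market",
}
HANDLER_NAME = "firebasehandler"  # service name given in the write-up
MIN_PROBES = 4                    # assumed threshold, tune on your own corpus

# Dotted identifiers such as "com.farsitel.bazaar". Whole-token matching keeps
# "mobi.mmdt.ott" from being counted inside "mobi.mmdt.ottplus".
DOTTED = re.compile(r"[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)+")


def triage(strings):
    """Return (probed_packages_found, handler_present, flagged)."""
    tokens = set()
    handler = False
    for s in strings:
        handler = handler or HANDLER_NAME in s.lower()
        tokens.update(t.lower() for t in DOTTED.findall(s))
    found = sorted(tokens & PROBED_PACKAGES)
    # One messenger package name alone is common in benign apps (share
    # buttons); the handler name plus several probes is the signal.
    flagged = handler and len(found) >= MIN_PROBES
    return found, handler, flagged


# Constructed sample inputs (not taken from the real sample).
SUSPECT = [
    "com.example.app.FireBaseHandler",
    "org.telegram.messenger", "Mobi.mmdt.ottplus", "ir.resaneh1.iptv",
    "net.iGap", "com.farsitel.bazaar",
]
BENIGN = [
    "com.example.notes.MainActivity",
    "org.telegram.messenger",
    "Share via Telegram",
]

if __name__ == "__main__":
    for name, sample in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(sample))
```

Feed it the output of any string extraction over the APK's dex files, one string per list item.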
How to deal with it and disinfect the system
To ensure that the system is not infected, install Padvish antivirus, keep its database file up to date, and scan the system with the antivirus.
Method of preventing phone infection:
- Avoid downloading and installing applications from unauthorized sources.
- Pay attention to the permissions an application requests when you install it.
- Regularly back up your stored files and data.
- Do not use unofficial versions of any application. Applications such as Telegram and Instagram have many unofficial versions, and most of them are distributed through Telegram channels.