Hiddad Android Malware

Hiddad is an Android malware variant focused on ad fraud. The mobile malware distributes unwanted advertisements to users to make money from advertisers.

Hiddad is installed by masquerading as a legitimate app in a third-party app store. Once installed, it displays ads to users and takes actions to make itself more difficult to remove such as taking advantage of superuser permissions on an infected device.


How Does Hiddad Work?

Hiddad is an example of Android malware that acts like a trojan horse and focuses its efforts on ad fraud. It works by masquerading as legitimate and desirable applications available via third-party app stores. For example, Hiddad commonly masquerades as a YouTube downloader or as a Minecraft game. It has also been known to be distributed via Google Play as a fake update or via phishing and other methods.

The Hiddad app itself looks legitimate and requests no unusual permissions. However, another app named Plugin Android is installed with it, which asks for administrator access to the system. This allows the app to hide in the system folder, where antimalware scanners may not find it, and makes it much more difficult to remove.

Once installed, the Hiddad app uses coercion to force users to leave 5-star ratings for the app. This includes locking the device screen until the user provides a 5-star rating in exchange for allegedly removing ads or adding premium features. These 5-star ratings increase the effectiveness of the malicious app because they make it look more legitimate and increase the probability that other Android users will download and install it.

The Uses of Hiddad

As malvertising malware, Hiddad’s main focus is on serving ads to the user. This enables the malware operator to monetize their operation by getting money from the organizations whose ads they display.

The malware can also use other methods of making money for the operators. For example, users may be tricked into subscribing to premium services, which charge them. Additionally, the malware may collect social media details, which can be used in other attacks or sold on the Dark Web to other cybercriminals.

How to Protect Against Hiddad Malware

With the growth of bring your own device (BYOD) programs and the use of mobile devices for work, mobile malware like Hiddad poses an increased threat to corporate cybersecurity. Some of the ways that organizations can protect themselves and their employees against these types of malware include the following:

  • Employee Training: Hiddad and similar malware variants use trickery to get users to install them on their devices and take other undesirable actions. Employee security awareness training can help them to identify and avoid suspicious and malicious apps.
  • Mobile Device Management (MDM): MDM solutions enable organizations to manage the apps that employees are permitted to install on corporate devices. This can help prevent users from installing potentially suspicious, malicious, or undesirable apps on devices used for work.
  • Mobile Security: Like other computers, mobile devices can run endpoint security software. This can help to block malware from being installed on these devices or assist in the process of detecting and remediating a malware infection.
  • Email Security: In some cases, Hiddad is spread via phishing attacks designed to trick users into downloading malicious and infected apps. Email security solutions may be able to detect and block inappropriate and malicious content from reaching users’ inboxes.
  • Zero Trust Network Access (ZTNA): Mobile devices may be used for work, but they also pose a risk to an organization’s systems if infected by malware. ZTNA can block infected devices from accessing the network and restrict the access of untrusted ones, limiting the potential impacts of a malware infection on the organization.
  • Account Security: Hiddad can steal social media passwords, which may be reused for other, corporate accounts. Account security solutions such as multi-factor authentication (MFA) or single sign-on can help to prevent attackers from taking advantage of these stolen credentials.

Hiddad Malware Detection and Protection with Check Point

Hiddad’s primary focus is monetizing the attacker’s access through ad fraud, which is more of an annoyance than a threat to a user. However, its ability to steal social media credentials and the potential for other malicious functionality on an infected device means that it can pose a significant risk to corporate cybersecurity.

Hiddad and other malware like it are among the many cybersecurity threats that companies face. Check out Check Point’s 2023 Cyber Security Report to learn more about the current cyber threat landscape.

Check Point offers endpoint protection for all of an organization’s devices, including mobile devices. Check Point Harmony Endpoint protects Android devices against Hiddad and other potential mobile malware threats. Learn how Harmony Endpoint enhances the security of an organization’s devices and remote work program by signing up for a free demo today.