When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Android malware forces users to leave 5-star ratings on Google Play to allegedly stop ads

Rogue Android apps ask you to rate them 5-stars in order to unlock their content | via ESET

Security researchers over at ESET are warning users about an app on Google Play that uses trickery to force users into leaving high ratings, promising that doing so will unlock its full range of features.

The app in question, where an aggressive ad-displaying trojan was detected, masquerades as a tool to download content from YouTube, and has been downloaded more than 5,000 times.

Detected as "Android/Hiddad.BZ," the app utilizes the method of begging for high-ratings through 'nag' screens. It will bombard the user with ads, and it promises to remove them should the user give them a 5-star rating on the Google Play Store.

Hiddad was found on Google Play in seven versions, each named as a slightly modified variation of "Tube.mate" and "Snaptube." Once installed, all of them appear as "Music Mania" in the user's app list.

Launching the app, a fake system screen will appear, prompting the user to install a "plugin." The screen will be overlayed, so the user will be forced to go through the process. By clicking the install button, it will install an ad-displaying payload. The alleged plug-in will then ask for device administrator rights, which cannot be canceled.

The app will nag you with ads, just to get that 5-star rating | via ESET

Once this is granted, the app will immediately show a screen full of ads, and it will ask to be rated 5-stars on Google Play to be able to rid of all the advertisements. If the user refuses, they will be served with even more aggressive ads, aiming to provoke the user.

A user can remove the app's device administrator rights in the Settings app, to take control of the situation. Only then they can proceed to manually uninstalling all the rogue apps installed on the host device.

While this concerns only one app, ESET notes that there has been a rise in apps that demand a high rating to unlock the full content. Take an app called "Subway Sonic Surf Jump" for example; while it is full of 5-star ratings, the reviews say that the users have been forced to give them such a high rating, while the promised content remains unaccessible.

"Such incentives for rating are, however, inherently false promises, as there is no way for developers to connect users to specific reviews and thus no way to 'reward' the ones that leave five stars," writes Lukas Stefanko of ESET. "On top of that, reward or no reward, apps that promise users anything in exchange for high ratings are against the Google Play Developer Policy."

Given the rise of apps such as these, it pays to be very meticulous about the software we download and install on our devices. Seeing the numerical rating isn't enough these days, as cyber-tricksters have created ways to bypass this system. Reading through users' reviews can help, as this might provide a clearer idea of how the app really functions.

Source: ESET

Report a problem with article
Next Article

Pixel and Pixel XL owners complain of microphone failures, including on replacement handsets

Previous Article

Get this VMware vSphere 5.5 Course for just $29 via Neowin Deals

Join the conversation!

Login or Sign Up to read and post a comment.

10 Comments - Add comment