Smartphone malware attack
An aggressive trojan app on the Google Play Store that makes the false promise of removing pop-up ads in exchange for a good rating

Security researchers have warned that an "aggressive ad-displaying trojan" has been found on the Google Play Store that tricks users into leaving behind a good review. According to ESET researchers, the app uses various methods to trick users into installing an ad-displaying component that bombards the device with pop-up ads. The app then makes a false promise to remove the ads in exchange for a five star rating.

Researchers say the seven versions of the app, dubbed Android/Hiddad.BZ, have been spotted on Google Play. Up to 5,000 users have downloaded it as a tool to download content from YouTube, the researchers said.

"The app innovates the good old-fashioned method of begging for high ratings through nag screens - it displays aggressive ads and makes a false promise of removing them in exchange for a five star rating," ESET malware researcher Lukas Stefanko wrote.

"Such incentives for rating are, however, inherently false promises, as there is no way for developers to connect users to specific reviews and thus no way to 'reward' the ones that leave five stars.

"On top of that, reward or no reward, apps that promise users anything in exchange for high ratings are against the Google Play Developer Policy."

Each of the seven versions of the Android/Hiddad.BZ found on Google Play were named using variations of "Tube.Mate" and "Snaptube".

Once the app was installed, they appeared as "Music Mania" within the device's list of apps. After the user clicks on the "Music Mania" icon, the ad-displaying component is loaded and a fake system screen pops up prompting the user to install a "plugin Android".

If a user agrees, the ad-displaying payload is installed and the device is quickly flooded with ads. The user is then asked to give the app a five star rating "to remove all ads" or perform a specific function such as playing movies, unlocking certain features or simply continuing the process.

"Cancelling the message will result in an even greater flood of ads shown on the user's device, aiming to provoke the user into rating the app next time the prompt is displayed," ESET writes.

Ad-displaying Trojan
Screenshots showing apps requesting a five star rating in exchange for performing a certain function ESET

To remove the malicious app and payload from your device, the researchers recommend that you disable its device administrator rights under 'Permissions Required' which is found under the device's Settings and then uninstall the "plugin Android" payload within the Application Manager.

According to ESET's research, similar techniques have been used by other ad-displaying apps on Google Play that have collected a total of up to 800,000 installs.

"These apps 'force' users into leaving high ratings under various pretences, which in turn makes them more likely to be downloaded in the future," Stefanko wrote. "What they have in common is a usually non-existent functionality; pop-up screens requesting five star rating to proceed, unblock full content or remove ads; and an illogically high rating."

Some examples include the fake game Subway Sonic Surf Jump which had a 4.1 average rating, but drew multiple reviews from angry users saying they were forced into giving the app a higher rating.

"Seeing even malicious apps tricking users into manipulating the Google Play rating system, one might question the much-repeated piece of advice 'Check the rating before downloading,'" ESET writes. "The advice still stands; only it's not enough to check the rating. To get a real overview of what an app offers or doesn't offer, take the time to read into user reviews."