Incidents of malware on Android aren't exactly unheard of. Case in point: Google recently announced the removal of over 700,000 bad apps and 100,000 malicious developers from Google Play last year. But, it seems, the Mountain View giant has been plagued with a major malware incident yet again. This time, a total of seven QR code and compass apps have managed to sneak in malware that allows the infiltrators to use Android devices for click-based advertising even while the app is not active.
As per a revelation by security firm SophosLabs, a few apps on Google Play have been employing a new malware family - Andr/HiddnAd-AJ. In some cases, the affected apps were even downloaded 500,000 times. The apps did not activate the malware for the first six hours, according to the study. It did however, after the initial inactivity, unleash notifications, full screen ads, and ad-related webpages luring users to generate revenue for the infiltrators.
The apps are said to have been pulled down from Google Play. Despite the evidence, SophosLabs still recommends installing apps only from the Google Play, as does Gadgets 360. "Google's app vetting process is far from perfect, but the company does at least carry out some pre-acceptance checks. Many off-market Android app repositories have no checks at all - they're open to anyone, which can be handy if you're looking for unusual or highly specialised apps that wouldn't make it onto Google Play (or trying to publish unconventional content)," said Paul Ducklin, Security Researcher at SophosLabs in a blog post last week.