WARNING: Android malware found in Google Play Store downloaded 500,000 times


If your smartphone has suddenly started bombarding you with advertisements you could be a victim of a new malware scam that has infected hundreds of thousands of Android phones around the world.

Security experts discovered a new form of Android malware hidden inside seemingly harmless apps that have been downloaded more than half a million times.

The malware has been disguised as seven different types of apps, including a six QR code apps and a ‘smart compass’ that bypassed Google’s security measures and were available to download from the Play Store.

After being installed on a device, the malware waits around six hours before it starts serving up adware and flooding the victim’s screen with adverts. It also automatically opens adverts on web pages and send the user notifications containing a link to yet more adverts.

All this then generates fraudulent ad revenue for the people who created the malware.


Image: Sophos Labs

Dubbed Andr/HiddnAd-AJ, it has since been removed by Google but researchers from cyber security firm Sophos Labs say it could have infected up to one million users.

“The adware part of each app was embedded in what looks at first sight like a standard Android programming library that was itself embedded in the app,” wrote Paul Ducklin of SophosLabs.

“By adding an innocent-looking “graphics” subcomponent to a collection of programming routines that you’d expect to find in a regular Android program, the adware engine inside the app is effectively hiding in plain sight,” he added.

If you think you have downloaded any of the apps you should delete them right away.

Despite the apps being available to download from the Google Play Store, it still remains the safest place for Android users to download apps.

You should also make sure you have an up to date anti virus or malware app installed on your device.


Comments are closed.