A team of security researchers from SophosLabs has detected a form of malware that hides in more than half a dozen Android powered mobile apps that already listed in the Google Play store. As reported by ZDNet, the apps included six QR code (Quick Response code) readers, as well as a smart compass.
SophosLabs’ research crew has named the malware as Andr/HiddnAd-AJ, and what this malicious code does is basically bombard the mobile user with an unforgiving amount of ads. Rather wickedly, the malware does its ad overloading shenanigans after going through some inactivity on the onset, essentially making people think the app they have downloaded was perfectly harmless.
For instance, as pointed out by ZDNet’s report, the malware lies low for about six hours. And just when the mobile user thinks everything is okay, the code then proceeds to adware mode -- generating a deluge of full screen ads, launching ads from various web pages, and even transmitting a number of alerts that come with ad related links.
According to SophosLabs’ estimation, the mobile apps that contained the Andr/HiddnAd-AJ malware have been downloaded at least half a million times before Google got wind of the malicious software. After being informed by Sophos, Google has since removed the seven apps from its online store, but some damage may have already been done.
Still, SophosLabs is recommending that Android mobile users do not give up on the Google Play store yet. While it is true that the Andr/HiddnAd-AJ malware may have slipped through Google’s typically reliable screening process, but the tech giant’s app store is still among the safest, at least when compared with other third party Android app stores out there. Google’s policy of allowing end users to report suspicious apps may have also helped significantly reduce the population of malware carrying selections.
Even with some increased vigilance, malware continues to be a problem in this day and age (more so for owners of mobile devices). This is mainly because the hackers behind these intrusive apps continue to explore new ways in which to breach known security protocols, while tech companies often are left with a reactive approach to dealing with harmful apps. Malware nowadays also cleverly disguise themselves as something else (often as adult content), which meant that consumers are always in danger of ending up installing an app that is more than it pretends to be, putting their private information (passwords, bank and credit card info, contact information of family and friends, private photos, etc) in jeopardy.
