
Malware loaded apps infecting a million users

By now we all understand the need to avoid things like malware, and we’d like to think we take the necessary precautions. Unfortunately, sometimes we can do everything right and still become a victim.

That’s what happened to many, many people who downloaded apps from the Android Store only to learn that they were not what they appeared to be. The malware was so clever, in fact, that it found a way to pass through the security systems and even hide its true intentions for long enough to do its damage.

Because of that, it is estimated that the malware impacted at least 1 million people. That’s right, at least 1 million people likely downloaded an app that eventually turned against them.

It was well-hidden

The malware was coded to delay the onset of its malicious activity, which helped it sneak past Google’s security. It was distributed inside basic apps that seemed harmless and actually did what they were supposed to, which made them more likely to be downloaded.

The result of being infected with this specific malware — which was found in seven different apps, six of which were QR readers — was ads. One of the bad apps was downloaded 500,000 times.


About six hours after being installed, the malware, which is known as Andr/HiddnAd-AJ, would turn on and assault people with full-screen ads, open ads on webpages and send notifications that contained ad-related links.

What was the point of it all? To generate click-based revenue, of course. That only becomes profitable in large numbers, and it’s safe to say more than 1 million people would be able to generate them.

Google was made aware

The malware was discovered by Sophos, which informed Google of its presence. The apps have since been removed from the Google Play Store, though the very fact that they could be made available in the one place where they shouldn’t be will likely lead to some questions.

In this case, delaying any malicious activity until six hours after installation led everyone to believe the app was exactly what it claimed to be. Along with that, the malware’s code was embedded in what looked like a regular Android programming library within the app.

There was also a subfolder within the app titled “graphics” that looked innocuous but actually held the programming routines for the malware.

Unfortunately, in some ways there may not be much Google can do. Security measures are in place and they are largely effective, and the company has a vast team of engineers and programmers who do all they can to ensure the safety of their platform.

But no matter what Google does and how well it does it, hackers and scammers will constantly push boundaries and try new tactics in order to accomplish their goals. It’s like a game of cat and mouse that will probably never end.

What to do if you downloaded a bad app?

If you did not download one of the apps while they were available in the Google Play Store, you are fine. If you happened to grab one, however, your best course of action is to delete the app as soon as possible.

  1. Open your device’s “Settings”.
  2. Tap “Apps & notifications”.
  3. Tap the app you want to uninstall. If you don’t see it, first tap “See all apps” or “App info”.
  4. Tap “Uninstall”.

More importantly, do not let stories like this discourage you from downloading apps from the Google Play Store. While it is not perfect, it is a far better and more secure option than off-market stores and third-party apps, many of which have little to no security measures at all.
