More than 10 million devices have been infected by the malware, which tries to con users into needlessly spending money
Google has removed three apps from its Google Play store after they were found to be infected with adware that had already been downloaded millions of times.
Card game app Durak was the most downloaded of the malicious apps with 10 million installations, Google Play has revealed.
The dormant threat
Like the other infect apps, it functioned normally when installed – seemingly only affecting the device at least a couple of hours after you next reboot it. In some cases, the adware takes up to a month to reveal itself.
In a blogpost, Filip Chytry, mobile malware analyst at security firm Avast, wrote: “Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie. You are then asked to take action. However, if you approve you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value.”
Bizarrely, some users of the infected apps were directed to harmless security apps on Google Play. “But even if you install the security apps, the undesirable ads popping up on your phone don‘t stop,” Chytry commented. “This kind of threat can be considered good social engineering. Most people won‘t be able to find the source of the problem and will face fake ads each time they unlock their device. I believe that most people will trust that there is a problem that can be solved with one of the apps advertised ‘solutions’ and will follow the recommended steps, which may lead to an investment into unwanted apps from untrusted sources.”
Google’s developer content policy forbids adverts through system-level notifications unless it is an integral feature of an app. But, in this instance, the malicious adverts were being delivered by three legitimate third-party ad networks.
Google today confirmed it has so far removed three infected apps from its Play store, including Durak, along with an IQ test app and Russian history app both aimed at Russian-language users.
How much do you know about IT security? Take our quiz!