Android malware found inside apps downloaded from Google Play has infected at least a million users

“Cyber criminals have distributed malware to hundreds of thousands of Android users by successfully hiding it inside a series of apparently harmless apps,” Danny Palmer reports for ZDNet. “The malware sneaked onto the Google Play store disguised as seven different apps – six QR readers and one ‘smart compass’ – and bypassed security checks by hiding their true intent with a combination of clever coding and delaying the initial burst of malicious activity.”

“Following installation, the malware waits for six hours before it begins work on its true purpose – serving up adware, flooding the user with full screen adverts, opening adverts on webpages and sending various notifications containing ad related links,” Palmer reports. “All of this activity is designed with the intent of generating click-based revenue for the attackers – even if the app itself isn’t actively running.”

“Uncovered by by researchers at SophosLabs, the malware dubbed Andr/HiddnAd-AJ, is thought to have infected at least a million users – and potentially many more – as one of the malicious apps was downloaded 500,000 times before being pulled by Google,” Palmer reports. “Nonetheless, despite Google’s failure to spot the malicious nature of these apps, Sophos recommends Android users stick to downloading apps from the Play Store – because it’s still safer than third-party Android app stores.”

Read more in the full article here.

MacDailyNews Take: When you’ve settled for a poor imitation, you reap what you’ve sown.

Ah, the price of a pretend iPhone that’s “open” in all the wrong ways. — MacDailyNews, August 2, 2011

If you stumbled here from Google with your dog-slow Android POS: Get a real iPhone.

SEE ALSO:
Facebook has been collecting call history and SMS data from Android devices for years; Apple iOS devices unaffected – March 25, 2018
New Android malware records ambient audio, fires off premium-rate texts, and harvests files, photos, contacts, and more – March 2, 2018
Android malware apps with over 1 million downloads slip past Google Play defenses – twice! – September 14, 2017
How to upgrade from Android to a real Apple iPhone – August 21, 2017
Video: Apple CEO Tim Cook speaks at Cisco Live, blasts Android’s shoddy security – June 26, 2017
Security expert: There are several reasons why Apple iPhones are more secure than Android phones – May 31, 2017
Russian hacker gang robbed Russian banks with over one million hacked Android phones – May 22, 2017
36 widely-used Android devices ship with malware preinstalled – March 14, 2017
The cost of free: More than one million Google Android devices hit by malware – November 30, 2016
Secret backdoor in U.S. Android phones sent location, text, contact data to China – November 15, 2016
Google’s Android platform has a serious flaw – August 23, 2016
Poor man’s iPhone: Android on the decline – February 26, 2015
Study: iPhone users are smarter and richer than those who settle for Android phones – January 22, 2015
Why Android users can’t have the nicest things – January 5, 2015
iPhone users earn significantly more than those who settle for Android phones – October 8, 2014
Yet more proof that Android is for poor people – June 27, 2014
More proof that Android is for poor people – May 13, 2014
Android users poorer, shorter, unhealthier, less educated, far less charitable than Apple iPhone users – November 13, 2013
IDC data shows two thirds of Android’s 81% smartphone share are cheap junk phones – November 13, 2013
CIRP: Apple iPhone users are younger, richer, and better educated than those who settle for Samsung knockoff phones – August 19, 2013

15 Comments

    1. How many times have we heard Apple apps are completely safe? The sad reality is that a few bad actors inside Apple could steal or mine your data. Or bugs in Apple or 3rd party apps could leak data to a hacker.

      We all know that Google is an evil data mining company, that is why we are Apple users. However I don’t blindly trust Apple with my data. One breach and the Apple security image will shatter. Apple outsourced its server so how can you know what threats exist? Do you hold the encryption keys? Where is the data located? On Google servers? In Microsoft servers? In your home country or in a 3rd world hovel in Ukraine? You all need to stop trusting the cloud, period. Even if Cook keeps pushing it. IOS is fine for media distribution. Don’t put your private data on it and turn off all the aggregious battery sucking tracking that Apple allows apps to do.

      1. [WordPress is throwing fits over what I’m trying to post as a reply. Therefore, this is a stripped down WordPress oppression happy-smiley-shiny version]

        Currently, I and others are hounding Apple to get rid of apps in the Mac App Store that are deliberately infested by their developers with a PUP (potentially unwanted program) discovered in 2016, (2016!!!) called OSX.FakeFileOpener. I found this little rat hiding inside the app ‘Open Any File to Checksum’. There are, I’m told, at least three other apps in the App Store with the same infestation. I’m also told that Apple has known about this for some time and have done nothing to stop it.

        I found OSX.FakeFileOpener using the free Malwarebytes Anti-Malware app, written by the same developer who first discovered and wrote the description of OSX.FakeFileOpener (aka ‘Mac File Opener’). You can find his August 19, 2016 article, titled ‘PCVARK Plays Dirty” at the Malwarebytes blog. (I’m not posting the link in order to appease annoying WordPress).

        Oh Apple. Lately, you make me sad. (;_;) 😿😭

  1. more accurately the headline should read “MORE malware in Google Play Store has infected a million MORE users… ”

    because infected apps there is a regular occurrence.

    (hardware alone my iPhone is worth the price, the security etc is icing on the cake. )

      1. Impressive number, though I suspect the large majority of those devices remain in the China market (based on the alleged source being a Chinese distributor) where other ‘infections’ are prevalent anyway.

        1. I find behavior in China to be consistently predictable. It boggles me that certain people (ahem: #MyStupidGovernment) doesn’t figure out what’s going on. I’m pleased that The Trump is at least taking some of China’s dirty doings seriously and responding. A trade war with China would, in many ways (not all), be a great thing.

          BTW: For all the hype from China about investing in sustainable, actually clean (vs bullshit ‘clean coal’) energy sources, China is HEAVILY investing in carbon fuels, including creating a Yuan based petroleum futures market and building massive carbon fuel transport barges, traveling from Africa and South America, to feed China’s e- generators. IOW: Blatant hypocritical liars. No surprise whatsoever.

          [Skipping my long lecture about the failure called ‘communism’]

          1. Too many bad ‘players’ in the Chinese business market. My company’s parent company in Japan hates dealing with customers in China that complain after an installation job is completed that there are imperfections (usually caused by the people doing the final inspection or Chinese counterparts assisting to insure a ‘good’ job) and demand a discount.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.