Google Play Adware Apps Downloaded by Millions

Security experts have warned of several legitimate-looking apps on the Google Play store which have infected potentially millions of Android users with adware.

Alerted by a user comment, Avast mobile malware analyst Filip Chytry investigated and discovered that the malware in question was operating on a massive scale.

One particular application, ‘Durak card game’ by a developer known as ‘Pocket games’, had already been downloaded 5-10 million times, he explained in a blog post.

The malware apparently waits several days before launching ads, leaving the user unsure which app they have come from.

“Some of the apps wait up to 30 days until they show their true colors. After 30 days, I guess not many people would know which app is causing abnormal behavior on their phone, right?” said Chytry.   

“Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie.”

If users then follow the on-screen prompts to take action over whatever ‘problem’ the adware has found on the device, they will be taken to pages that will attempt to trick them into downloading data-slurping or premium SMS apps.

Some actually redirect to legitimate security apps on Google Play – another likely ploy to obfuscate the source of the adware.

“This kind of threat can be considered good social engineering. Most people won’t be able to find the source of the problem and will face fake ads each time they unlock their device,” concluded Chytry.

“I believe that most people will trust that there is a problem that can be solved with one of the apps’ advertised ‘solutions’ and will follow the recommended steps, which may lead to an investment into unwanted apps from untrusted sources.”

Durak was not the only popular game infected with adware. Chytry also pointed to an IQ test app and a history app – although all three appear to have been removed by Google now.

Phil Barnett, EMEA general manager of Good Technology, argued that businesses need to be wary of malicious apps hiding in mainstream app stores.

“If these apps are downloaded onto company phones, or even personal phones that store company data, the security risks escalate,” he told Infosecurity.

“What can they do? They can containerise their corporate data. Storing data in a secure container keeps any threats brought onto the phone by the employee separate from sensitive company assets.”
