Security firm Avast is reporting some popular Google Play Store apps have a new form of Adware which masquerades themselves as system warning messages to the end user upon unlocking the device. Durak, a card game with almost 10 million installs from the Google Play Store, is one of those that was hiding the malicious code. A few other apps were found to have the same code such as IQ Test and several other smaller apps with fewer downloads.
The fact that this code got through into a few apps with so many downloads is concerning, as it has now affected millions of users. Normally you can avoid being bitten by an app with not so great intentions by simply reading the app’s permissions but this Adware was hidden so even if the permissions were okay it wouldn’t have mattered. Techcrunch reports that the malicious code was cleverly written to not activate for a few days or even a month after install, confusing the user as to where these system pop ups were really from.
The ads also don’t begin showing up until you’ve rebooted your device at least once, he notes. Afterwards, the ads will appear each time the end user unlocks their phone, presenting warnings saying that your device is infected or “out of date” or is full of porn. The user is then asked to take some action, but is instead redirected to downloads of other malware-laden apps, including those that send premium SMSes or those that collect a ton of personal data.
Google has since taken down all the apps discovered to have this malicious code and is investigating. It is still a good idea to read permissions and do some investigation prior to installing apps from any app store. Some people are getting more clever in hiding things that could harm your devices or take your personal data. Check out the video below to see this new Adware in action.