A small number of Android apps infected with malicious software are prompting users to download adware disguised as system notifications
Google Play has blocked access to a few popular apps that contain a vicious form of adware. Security firm Avast first took notice of the issue when contacted by a customer whose device was infected with the malware.
One of the infected apps was a free version of Durak, a popular card game that has been downloaded up to 10 million times. Fortunately, one expert believes the problem might not be as widespread as originally thought. The malware first caused suspicious pop-up messages that appeared to be similar to system notifications. The pop-up messages claim the device is running slow and prompt the user to install new software to fix the problem.
A look at the Android malware threats
Malware analyst Filip Chytry explains that users are taken to fake pages with harmful malware. Such threats may include strange apps or apps that attempt to send premium messages without the user knowing. The apps that brought the malware postponed displaying the malicious pop-ups until days after the download as a way to disguise where they came from. Chytry explained that most people won’t find the problem’s source and will see the fake ads every time they unlock their device.
Other Android apps on Google Play possibly infected with the adware include the Russian language IQ Test and Russian History apps. The former app was downloaded up to 5 million times, and the latter was downloaded up to 50,000 times.
BBC’s research study on the apps
The BBC conducted a search and found that the same developers had dozens of blocked apps. The apps on the blocked list include video games, a psychology guide app, a cooking app and a wedding planner app. The app publishers declined to comment on the matter. A Google spokesperson confirmed the suspension of the apps.
Although Google Play claims the download numbers for the specified apps reached the millions mark, a security expert says those numbers may not be correct. The malware developers could deliberately be making up larger numbers to make the app seem more popular than it is.