Six QR reader apps and one ‘smart compass’ app have been found to bypass security checks by concealing their true intentions.
Unfortunately, it’s no longer surprising to read a story about dodgy apps being discovered on the Google Play app store.
The apps in question waited six hours before ‘activating’ and spamming the user with ads, notifications for ads and various other ad-related content to generate click-based revenue.
Ondrej Kubovič, ESET Security Awareness Specialist, looks at these specific apps and at how you can protect yourself from dodgy apps in general.
“ESET detects all of the mentioned apps as variants of Android/Hiddad.HP. The relatively large number of installs could be due to the promised functionality, as QR scanners are popular and frequently used apps.
“The delayed activation of malicious activity could have also contributed to attackers’ ability to sneak their ‘product’ into the official Google Play store.
“What to do? First, users should remove the infected apps from their device. Users are also recommended to install a reliable security software app, scan their device and remove any remaining malicious code.
“To keep their Android device protected in the future, we would also recommend that they keep the device’s operating system and apps up to date and also read reviews before installing a new app (mostly the negative ones, as the positive ones might be fabricated by the attacker).”
Have you ever downloaded a rogue app from the Google Play store? Let us know on Twitter @ESETUK.