SophosLabs just alerted us to a malware family that had infiltrated Google Play by presenting itself as a bunch of handy utilities.
Sophos detects this malware as
Andr/HiddnAd-AJ, and the name gives you an inkling of what the rogue apps do: blast you with ads, but only after lying low for a while to lull you into a false sense of security.
We reported the offending apps to Google, and they’ve now been pulled from the Play Store, but not before some of them attracted more than 500,000 downloads.
The subterfuge used by the developers to keep Google’s “Play Protect” app-vetting process sweet seems surprisingly simple.
First, the apps were, at least on the surface, what they claimed: six were QR code reading apps; one was a so-called “smart compass”.
In other words, if you were just trying out apps for fun, or for a one-off purpose, you’d be inclined to judge them by their own descriptions.
Second, the crooks didn’t fire up the adware part of their apps right away, lurking innocently for a few hours before unleashing a barrage of ads.
