Cybercriminals have infected more than 1,000,000 Android devices with adware hidden in a few applications available for download through Google Play Store. Security experts at SophosLabs have discovered 7 infected Android applications, including six QR code scanners and one smart compass.
Once installed on smartphone or tablet, the malware named Andr/HiddnAd-AJ waits for six hours, and only after that it starts displaying a lot of annoying context ads and full-screen ads, as well as sending various notices containing advertising links. Thus, cybercriminals get revenue from malvertising even if the infected application is not active.
According to the researchers, the malware could infect at least 1 million Android devices. One of the malicious applications was downloaded more than 500,000 times.
Once an infected application is launched on victim’s device for the first time, it connects to malicious C&C server in order to download malware components. While the malicious activity is initially hidden, attackers also try to avoid the detection of the adware source code which built into standard Android library. In addition to standard components, attackers added “Graphics” section which contains detailed instructions for getting all the information and files required to run malicious ads.
Google has already removed the detected applications from the Google Play Store.