Here's some bad news for Android and all its open-source fans. A new form of malware has been found on a number of popular apps scattered throughout the Google Play Store. This means that millions could already be infected with the fresh malware.
Antivirus software specialist Avast states that it recently discovered the exploit for Android after a user posted a tip on its forums. Apparently, the malware is present in a number of apps in the Google Play Store across a number of countries, and most of those apps have already been downloaded over a million times.
Filip Chytry of Avast states in the official blog that although it didn't seem like anything extravagant at the beginning, "but once I took a closer look, it turned out that this malware was a bit bigger than I initially thought. First of all, the apps are on Google Play, meaning that they have a huge target audience – in English-speaking and other language regions as well."
Apart from that, the apps were already downloaded by millions of users, "and third, I was surprised that the adware lead to some legitimate companies". Probably, this third point is the one that will raise quite a few eyebrows, especially when prominent app makers are in the mix.
As it seems, the most prominent of these infected apps is a card game called Durak, which (according to Google's own figures) attracted 5-10 million downloads. And for the app, similar to the ones affected, when you install it, your phone's behaviour will appear standard for as long as 30 days, effectively masking what's to come next.
This is followed by a boatload of ads every time you unlock your phone. These ads warn you about a certain security problem, inform you that your phone is out of date, or even notify you that it is filled with porn. Whatever may that be, you're offered a button that promises to help fix this issue.
If you are unlucky enough (and foolish) to tap the button, it then redirects you to more damaging software on fake app stores. This even includes apps that send premium SMS messages or collect personal data. Surprisingly though, some users even get redirected to legitimate security apps on the Google Play Store.
"Most people won't be able to find the source of the problem and will face fake ads each time they unlock their device. I believe that most people will trust that there is a problem that can be solved with one of the apps advertised 'solutions' and will follow the recommended steps, which may lead to an investment into unwanted apps from untrusted sources," the Avast blog adds.
More details are expected on the malware in the next few days. Stay tuned for more updates!
