Skip to main content
  1. Home
  2. Mobile
  3. News

500,000 people downloaded QR code apps with embedded malware from Google Play

By

Android malware seems to be everywhere. Every few weeks, we hear of a new set of apps on the Google Play Store that have some kind of malware embedded in them, and this time around it seems like a series of QR code readers may be targeting unknowing users.

The news comes in a report from SophosLabs, and it notes that as many as seven QR code readers on the Google Play Store may have been infected with malware. In addition to the QR code apps, one smart compass may have also been infected.

Recommended Videos

The malware itself is called Andr/HiddnAd-AJ, and as the name suggests, it basically plays ads on your phone — after lying low for a while to “lull you into a false sense of security.” The malware waits six hours before it springs into action and starts serving up full-screen ads and opening ads on webpages. The malware also sends users notifications with links to ads.

Please enable Javascript to view this content

According to Sophos, the malicious apps were downloaded as many as 500,000 times before Google removed them from the Google Play Store, and they were able to make it through Google’s scanning by essentially hiding the hostile code in what looked to be regular Android app code. At least on the surface, the apps did what they advertised they could do. The QR code readers could still read QR codes, and if you downloaded the apps for one use, only to delete them afterwards, you likely never would have run into the ads that the apps serve up. That, plus the fact that the malicious code didn’t kick into gear until 6 hours after installation, helped the apps avoid detection.

Of course, it’s likely the incident will help Google refine its malware scanning process — so it’s entirely possible that we won’t see apps similar to this again. It’s also still recommended that you continue using Google Play, if possible. While incidents like this do happen every now and again, the fact is that downloading apps from Google is far safer than downloading them from third-party marketplaces.

“Many off-market Android app repositories have no checks at all – they’re open to anyone, which can be handy if you’re looking for unusual or highly specialized apps that wouldn’t make it onto Google Play (or trying to publish unconventional content),” said Sophos in its blog post.

Editors’ Recommendations

Topics
Christian de Looper
Christian de Looper
Contributor
Christian de Looper is a long-time freelance writer who has covered every facet of the consumer tech and electric vehicle…
Google wants you to know Android apps aren’t just for phones anymore
Person holding Samsung Galaxy smartphone showing Google Play Store.

When most people think of the Google Play Store, the first thing that comes to mind is smartphones. However, the spread of the Android ecosystem is far broader than that, and Google is taking steps to increase awareness of this and make it easier for folks to find apps on the Play Store for their smart TVs, watches, and even cars.

In a blog post today, the Google Play team announced three significant changes that should make it easier for Android fans to discover apps for all their devices, right from their phone. This includes recommendations of apps for non-phone devices, a search filter to focus on only games optimized for non-phone devices, and even a remote install feature that will let you deliver those apps to your Android TV, Wear OS watch, or Android Automotive-equipped car.

Read more
Google Play Store now offers third-party app payments, but only for some users
The Google Play store icon on an Android phone.

Google will now open up its Play Store as a result of the European Union's Digital Markets Act, the company announced today. Now, any developers distributing apps or games in Europe (the European Economic Area, to be precise) will be able to sidestep the Google Play billing system with no penalty. The change comes after a similar push in South Korea.

"As of today, Google will not remove or reject updates of non-gaming apps from participating developers for offering alternative billing systems for EEA users. Google Play’s billing system will continue to be required for apps and games distributed via Play to users outside the EEA and for games distributed to users within the EEA. We expect to expand billing alternatives to developers of gaming apps for their users in the EEA, in advance of the DMA's effective date," Google's Estelle Werth, director of EU Government Affairs and Public Policy, said in a blog post.

Read more
Google Play improves privacy, payments, and subscriptions 
Person holding Samsung Galaxy smartphone showing Google Play Store.

Google is introducing several new features that will help game and app developers to engage and grow their audience while further improving privacy and security.

At this year’s Google I/O conference, the Google Play team is focusing on new initiatives to create an even safer app ecosystem for users and developers alike while also adding new tools for developers. These include new custom store listing options, increased flexibility in pricing models for in-app subscriptions, and more. The Google Play team outlined these new initiatives during its What’s New in Google Play session at Google I/O 2022.

Read more