Google has pulled numerous apps from its Play Store, after they were found to be infected with malicious software. A Nexus 5 owner named Andrei Mankevich was the first to spot this particular threat, which he discovered while he was trying to understand how his own handset had become infected.
Mankevich posted his findings on the forum of security firm Avast, which today published details of its own investigation, describing the problem as "bigger than [they] originally thought."
The malicious code buried in seemingly innocent apps causes pop-up messages to appear on the device; in some cases, this happens every time the device is switched on. These messages - many of which are written with a clear sense of urgency and impending doom - encourage users to visit sites to download additional software.
This video, published by Mankevich, shows some of these notifications in action:
As Avast explains, when you follow these links, "you get redirected to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value."
The most widely distributed app was a version of the Russian card game, Durak, which was downloaded up to ten million times, according to Google Play. The game installed and performed as expected - but after a few days, it would cause severe performance degradation on devices.
Many of the other malicious apps exhibited similar behavior, functioning normally for up to 30 days before eventually activating. This was by design, of course, to make it harder to track down the source of the problem for users wanting to know why their handsets are suddenly doing strange things.
Curiously, not all of the ads that were displayed by these apps were malicious, and some linked to genuine security apps on the Google Play store. This raises the question of whether the developers of these apps are content with using such aggressive and invasive advertising to force their products onto users.
Google has now removed the malicious apps identified in the investigation from its Play Store, and has also blocked other apps created by the same developers. However, given that those behind these apps offered dozens of others on the Play Store as well, the full scale of this potential threat - and the number of devices that have actually been infected - remains far from clear.
While the Google Play Store is certainly far better protected against malicious software than many 'rogue' app stores out there, this isn't the first time that the 'official' Android store has had to deal with this kind of thing. A year ago, a study found that malware-infected apps on Google Play had increased by a staggering 388% in just two years.
More: Avast Blog | Avast Forum | Video (YouTube / Andrei Mankevich)
59 Comments - Add comment