alt=
203x44-linked-in
News  Android
Android malware time bomb

Millions of downloads

The usual advice given to smartphone users who want to avoid smartphone virus infections is to only download from trusted sources. That's been questioned recently following the discovery of an app in the Google Play store which pulls a sneaky new trick - it waits 30 days before plastering your handset with ads.

The app has between 5 and 10 million downloads and is a card game called Durak. It even shows the ads when you unlock your handset, i.e. the app itself isn't running at all.

Ads designed to scare

Even the actual ads shown aren't your regular pet food or soda drink offerings. These scare users with dire warning of their handset being riddled with pornography or viruses, and insist on clicking links to cure this which - you guessed it - just results in further malware being downloaded.

This new trend is a worry because of the time delay. Users often install an app, use it for a day or so then just leave it. So, if 30 days later their phone starts to misbehave there is no immediate connection between that and the app they ran. When you consider the number of apps users churn through in that time, tracking the offender down becomes nearly impossible.

Against Google's Play Store policy

Avast are warning "Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie. You are then asked to take action, however, if you approve you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value."

Google has removed all the apps from the Play Store it is aware of which carry this malware.

Durak

Along with Durak, other titles included a Russian IQ test with up to five million installs, and a Russian history app game, which has been installed up to 50,000 times.

The software can also direct users to legitimate security applications as well, claiming that they will clear the handset of the advert-serving smartphone virus.

Durak appears at first glance to be a professionally created, credible app:

593x339 durak

The reputation damage to the Play Store is a serious concern to Google who will no doubt take measures to update its "bouncer" system, designed to automatically trap malware before it's allowed in in the first place.

Here's how infected devices behave: