Avast has dropped the bomb on a new variety of Android malware permeating the Google Play Store, something that has found its place on millions of users’ devices in the form of games and other simple — and seemingly legit — content. Those who have had an adware-infected computer at one time or another will be familiar with the intrusion; all goes well for the infected user for a while, but after some period of time has passed, advertisements begin appearing when the phone or tablet is unlocked, hawking products that are, in some cases, legit.
Avast was tipped about the malware’s existence via a post on the company’s forum, which lead to an investigation and surprising discovery. This adware has been downloaded as various apps millions of times by now, and included things like the “Durak card game” (now pulled), a Russian history app (also pulled), and more.
The malware likely proliferated so deeply because of how it manifests — users download the infected app and find that it works exactly as expected. Only, after days or weeks have passed — long enough for you to no longer suspect the app — advertisements begin appearing every time is the gadget is unlocked, some warning of system infections, other encouraging you to update something.
If someone indulges the malware, he or she is usually directed to a likewise infected or otherwise compromised website, but that wasn’t always the case — Avast found that it sometimes would redirect users to legitimate security apps on the Google Play Store. This is believed to be a form of social engineering, a sort of magician’s trick dedicated to distracting users from the real cause of the problem by encouraging them to trifle with security solutions that won’t, ultimately, get rid of the problem.