Some unsuspecting Android users installed malware on their devices by downloading one of multiple compromised QR code apps. The revelation comes from SophosLabs’ Naked Security, which recently reported that the infected apps had been downloaded more than 500,000 times before being removed from the Google Play Store.
According to Sophos, it detected the Andr/HiddnAd-AJ malware in several apps, six of which were QR code scanner apps and another called “Smart compass.” The security company reported these apps to Google, which promptly pulled them from the Play Store. However, at least half a million people downloaded them while they were live.
These apps reportedly did what they said they’d do, at least on the surface; they didn’t activate the malware initially, helping them appear legit and remain on the user’s device. After a few hours, though, the adware component of the app would go live, presenting the user with advertisements.
Users who downloaded were ultimately subjected to a barrage of advertisements, which included full-screen ads and ones that automatically opened web pages. The ads also sent push notifications with ad links, continuing to do so when the app ran in the background. At least one app was listed as “Verified by Play Protect.”