Latest in Gear

Image credit:

Android malware found inside seemingly innocent QR code apps

Users downloaded it 500,000 times before it was caught.
Jon Fingas, @jonfingas
March 26, 2018
Share
Tweet
Share

Sponsored Links

Getty

Google is getting better at keeping Android malware out of the Play Store, and that's leading attackers to use more sophisticated disguises for their rogue apps. SophosLabs has proof: it just detailed a recent ad-spawning malware strain, Andr/HiddnAd-AJ, that slipped into Google Play through innocent-looking QR code and compass apps. While that's nothing new by itself, the malware used a pair of tricks to feign innocence. The hostile code was buried in what looked like a regular Android programming library, and it didn't kick in until 6 hours after you've installed it.

The Google team has since pulled the malware-laden apps, and it typically learns from incidents like this as it refines its anti-malware scanning tools. And Sophos still recommends using Google Play if you can -- while it's not perfect, its scrutiny still make it safer than many third-party stores. Incidents like this mainly serve as reminders to stay skeptical and double-check the nature of apps on Google Play, even if they seem legitimate on the surface.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Raspberry Pi Pico is a $4 Arduino alternative

Raspberry Pi Pico is a $4 Arduino alternative

View
Put Bernie Sanders almost anywhere with this Google Street View app | Engadget

Put Bernie Sanders almost anywhere with this Google Street View app | Engadget

View
Samsung Galaxy S21 review: The best Android phone for the money

Samsung Galaxy S21 review: The best Android phone for the money

View
New White House website includes a hidden recruitment message for coders

New White House website includes a hidden recruitment message for coders

View
See the 'Girl with a Pearl Earring' painting in 10-gigapixel detail

See the 'Girl with a Pearl Earring' painting in 10-gigapixel detail

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr