Sophos has detected a new kind of Android malware known as ‘Andr/HiddnAd-AJ’ that piggybacks on at least six QR code reader apps previously available to download from the Google Play store. Once installed on user devices, the malware waits six hours and then bombards users with ads and notifications. It is believed to have been installed on at least 500,000 devices.
When you run one of these infected apps for the first time, it “calls home” for configuration information to a server controlled by the crooks.
Each configuration download gives the malware:
- A Google Ad Unit ID to use.
- A list of URLs to open in your browser to push ads on you.
- A list of messages, icons, and links to use in the notifications you’ll see.
- The time to wait before calling home for the next configuration update.
This makes it easy for the crooks to adapt the behaviour of the malware remotely, changing both its ad campaigns and its aggressiveness, without needing to update the malware code itself.
When SophosLabs tested these samples, the first configuration settings pushed out by the crooks were very low-key.
For the first six hours, the list of ads was empty, meaning that the behaviour of the apps was unexceptionable to begin with…
…before flooding the device with full-screen ads, opening various ad-related webpages, and sending notifications with ad-related links in them, even when the apps’ own windows were closed.
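The delayed activation described above is why a short dynamic-analysis run of such an app sees nothing unusual. As an added example (not from Sophos or the original page), the Python below summarises a captured series of configuration downloads and checks whether ad content would have shown up inside a given observation window. The JSON field names, timestamps and URLs are constructed assumptions, since the page does not give the configuration format.

```python
import json
from datetime import datetime, timedelta

# Constructed capture of config responses from one app under dynamic analysis.
# Field names are hypothetical; the page does not document the wire format.
CAPTURED = [
    ("2024-01-01T09:00:00", '{"ad_unit": "PLACEHOLDER", "urls": [], "notifications": [], "next_checkin_s": 10800}'),
    ("2024-01-01T12:00:00", '{"ad_unit": "PLACEHOLDER", "urls": [], "notifications": [], "next_checkin_s": 10800}'),
    ("2024-01-01T15:00:00", '{"ad_unit": "PLACEHOLDER", "urls": ["https://ads.example/a"], '
                            '"notifications": [{"text": "x", "link": "https://ads.example/n"}], "next_checkin_s": 900}'),
    ("2024-01-01T15:15:00", '{"ad_unit": "PLACEHOLDER", "urls": ["https://ads.example/a", "https://ads.example/b"], '
                            '"notifications": [], "next_checkin_s": 900}'),
]

def parse(captures):
    """Return (timestamp, config) pairs sorted by capture time."""
    rows = [(datetime.fromisoformat(ts), json.loads(body)) for ts, body in captures]
    return sorted(rows, key=lambda r: r[0])

def carries_ads(cfg):
    """A config is 'active' once it lists ad URLs or notifications to show."""
    return bool(cfg.get("urls")) or bool(cfg.get("notifications"))

def triage(captures, observation_window):
    """Summarise delayed activation and whether a timed run would have seen it."""
    rows = parse(captures)
    if not rows:
        raise ValueError("no configuration downloads captured")
    first_seen = rows[0][0]
    active = [ts for ts, cfg in rows if carries_ads(cfg)]
    # Time between the first call home and the first ad-bearing config.
    dormancy = active[0] - first_seen if active else None
    intervals = sorted({cfg["next_checkin_s"] for _, cfg in rows})
    return {
        "dormancy": dormancy,
        "checkin_intervals_s": intervals,
        # More than one interval means the server retuned the polling rate.
        "server_changed_interval": len(intervals) > 1,
        # False means the app looked clean for the whole observation window.
        "seen_within_window": dormancy is not None and dormancy < observation_window,
    }

if __name__ == "__main__":
    for window in (timedelta(minutes=30), timedelta(hours=8)):
        print(window, triage(CAPTURED, window))
```
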
Do You Need to be Concerned?
Following the discovery, Google has removed the offending apps from the Google Play store and pulled them from user devices. Because of this, if you’ve downloaded apps only from the Google Play store, you do not have anything to worry about.
What Can You Do to Protect Your Devices from This QR-code Virus?
This particular virus appears to have been stopped in its tracks for now. However, it highlights the fact that even sticking purely to the relatively safe confines of the Google Play store is not always enough to keep you safe. Although Google vets every app, sometimes things can go under its radar.
We still recommend using Google Play wherever possible, but you should always keep your wits about you when downloading any new app. If you witness rogue behaviour after installing an app, don’t ignore it.
You should also check the app permissions, keep Android up to date and, to give yourself an added layer of security, install Android antivirus software.