Android Malware in QR Reader apps on Play Store

Share this…

The information security researchers at SophosLabs have discovered a new Android malware in seemingly harmless QR reader apps on Google Play Store. The malware has been developed to flood Android devices with large screen ads to generate revenue for attackers.

android qrrr

Labeled Andr/HiddnAd-AJ by the information security training researchers, the malware was found in six QR code reading apps and one was in smart compass. All the infected apps made to Play Store by evading Google’s Play Protect, an app developed to intensify further the security of systems running on Android.

As per analysis, the malware works in such a way that once it infects the device, it waits up to six hours to start spamming the device with irritating large screen advertisements and notifications containing clickable links, all to generate as much revenue as possible.

“The adware part of each app was embedded in what looks at first sight like a standard Android programming library that was itself embedded in the app. By adding an innocent-looking “graphics” subcomponent to a collection of programming routines that you’d expect to find in a regular Android program, the adware engine inside the app is effectively hiding in plain sight,” wrote the information security trainingprofessional Paul Ducklin of SophosLabs.

android qr jpg

The malware infected apps were reported to Google who did a quick job in removing the apps before further damage. However, some of the apps were already downloaded over 500,000 times.

If you have downloaded any of these apps, it is time to remove them right now. Moreover, the only safe place for Android users to look for clean apps is still Play Store, therefore, avoid downloading unnecessary apps. Information security training experts also recommend sticking to Google Play if possible.