Google Play Store: malware in QR code apps infects more than 500k users

by Jake Doe

Researchers found QR readers with embedded malware on Google Play

Malware was found on QR code apps in Google Play Store

Malware analysts from SophosLabs have discovered an Android virus[1] strain that resides in deceptive QR reading utilities. Currently, antivirus programs detect the threat under the name Andr/HiddnAd-AJ, which refers to an ad-supported application, also known as adware.

The malware was designed to deliver never-ending ads after the installation of the infected app. According to the researchers, this malicious program would open random tabs with ads, send links or display notifications with advertising content continuously.

The experts have identified six QR code scanning applications and one app supposedly called “Smart Compass.” Even though the analysts reported the malicious programs to Google Play, more than 500 000 users had downloaded them before they were taken down[2].

Malware circumvented Google's security by making its code look regular

During the analysis, researchers found that the hackers used sophisticated techniques to help the malicious program get past verification by Play Protect. The malware's code was designed to look like an innocent Android programming library, with a deceptive graphics subcomponent added to it[3]:

Third, the adware part of each app was embedded in what looks at first sight like a standard Android programming library that was itself embedded in the app.

By adding an innocent-looking “graphics” subcomponent to a collection of programming routines that you’d expect to find in a regular Android program, the adware engine inside the app is effectively hiding in plain sight.

Additionally, the crooks programmed the malicious QR code applications to hide their ad-supported features for a couple of hours so as not to raise users' suspicion[4]. The main goal of the malware's authors is to lure users into clicking on the advertisements, generating pay-per-click revenue[5].
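One way a reviewer could check for the library disguise described above, as an added example that is not from the original article or from SophosLabs: compare the packages found under a bundled library's namespace with those in a clean reference copy of that library. The library name `com.example.uikit`, the baseline and the class listing are all constructed for illustration.

```python
from collections import defaultdict

# Constructed baseline: packages present in a clean reference copy of a
# hypothetical library. In practice it is built from the vendor's artifact.
BASELINE = {
    "com.example.uikit": {
        "com.example.uikit",
        "com.example.uikit.widget",
        "com.example.uikit.util",
    },
}

# Constructed sample: DEX type descriptors as an app's class listing shows them.
SAMPLE_DESCRIPTORS = [
    "Lcom/example/qrscan/MainActivity;",
    "Lcom/example/uikit/widget/Toolbar;",
    "Lcom/example/uikit/widget/Toolbar$Style;",   # inner class, same package
    "Lcom/example/uikit/util/Log;",
    "Lcom/example/uikit/graphics/Loader;",        # not in the clean library
    "Lcom/example/uikit/graphics/Scheduler;",
    "[Lcom/example/uikit/util/Log;",              # array type of a known class
]

def package_of(descriptor):
    """Return the dotted package of a DEX class descriptor, or None for primitives."""
    d = descriptor.lstrip("[")                    # drop array dimensions
    if not (d.startswith("L") and d.endswith(";")):
        return None
    return ".".join(d[1:-1].split("/")[:-1])      # '' means the default package

def unexpected_library_packages(descriptors, baseline=BASELINE):
    """Map each package that sits under a known library root but is absent
    from that library's baseline to the sorted class names found in it."""
    findings = defaultdict(set)
    for desc in descriptors:
        pkg = package_of(desc)
        if pkg is None:
            continue
        for root, known in baseline.items():
            in_namespace = pkg == root or pkg.startswith(root + ".")
            if in_namespace and pkg not in known:
                findings[pkg].add(desc.lstrip("[")[1:-1].replace("/", "."))
    return {pkg: sorted(names) for pkg, names in findings.items()}

if __name__ == "__main__":
    for pkg, names in unexpected_library_packages(SAMPLE_DESCRIPTORS).items():
        print(f"unexpected package in library namespace: {pkg} -> {names}")
```

A hit is only a lead for manual review: a newer or customised build of the genuine library can also add packages.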

Hackers can administer the behavior of adware remotely

During the research, IT experts managed to summarize the steps taken by the malware once it settles on the system. Surprisingly, right after installation it connects to a remote server controlled by the criminals and asks for the tasks it should complete.

In turn, the hackers send the malware a list of ad URLs, a Google Ad Unit ID, and notification texts that should be displayed on the targeted smartphone. This lets the criminals control which ads they push to victims through the ad-supported application and how aggressively they do so.


About the author
Jake Doe
Jake Doe - Computer technology geek

Jake Doe is a News Editor at Ugetfix. Since he met Ugnius Kiguolis in 2003, they both launched several projects that spread awareness about cybercrimes, malware, and other computer-related problems.
