Android malware found inside seemingly innocent QR code apps
Google is getting better at keeping Android malware out of the Play Store, and that’s leading attackers to use more sophisticated disguises for their rogue apps. SophosLabs has proof: it just detailed a recent ad-spawning malware strain, Andr/HiddnAd-AJ, that slipped into Google Play through innocent-looking QR code and compass apps. While that’s nothing new by itself, the malware used a pair of tricks to feign innocence. The hostile code was buried in what looked like a regular Android programming library, and it didn’t kick in until 6 hours after you’ve installed it.
The Google team has since pulled the malware-laden apps, and it typically learns from incidents like this as it refines its anti-malware scanning tools. And Sophos still recommends using Google Play if you can — while it’s not perfect, its scrutiny still make it safer than many third-party stores. Incidents like this mainly serve as reminders to stay skeptical and double-check the nature of apps on Google Play, even if they seem legitimate on the surface.