500,000 people downloaded QR code apps with embedded malware from Google Play

Android malware seems to be everywhere. Every few weeks, we hear of a new set of apps on the Google Play Store that have some kind of malware embedded in them, and this time around it seems like a series of QR code readers may be targeting unsuspecting users.

The news comes in a report from SophosLabs, and it notes that as many as seven QR code readers on the Google Play Store may have been infected with malware. In addition to the QR code apps, one smart compass may have also been infected.

The malware itself is called Andr/HiddnAd-AJ, and as the name suggests, it basically plays ads on your phone — after lying low for a while to “lull you into a false sense of security.” The malware waits six hours before it springs into action and starts serving up full-screen ads and opening ads on webpages. The malware also sends users notifications with links to ads.

According to Sophos, the malicious apps were downloaded as many as 500,000 times before Google removed them from the Google Play Store, and they were able to make it through Google’s scanning by essentially hiding the hostile code in what looked to be regular Android app code. At least on the surface, the apps did what they advertised they could do. The QR code readers could still read QR codes, and if you downloaded the apps for one use, only to delete them afterwards, you likely never would have run into the ads that the apps serve up. That, plus the fact that the malicious code didn’t kick into gear until six hours after installation, helped the apps avoid detection.

Of course, it’s likely the incident will help Google refine its malware scanning process — so it’s entirely possible that we won’t see apps similar to this again. It’s also still recommended that you continue using Google Play, if possible. While incidents like this do happen every now and again, the fact is that downloading apps from Google is far safer than downloading them from third-party marketplaces.

“Many off-market Android app repositories have no checks at all – they’re open to anyone, which can be handy if you’re looking for unusual or highly specialized apps that wouldn’t make it onto Google Play (or trying to publish unconventional content),” said Sophos in its blog post.

Christian de Looper