500,000 people downloaded QR code apps with embedded malware from Google Play

Android malware seems to be everywhere. Every few weeks, we hear of a new set of apps on the Google Play Store that have some kind of malware embedded in them, and this time around it seems like a series of QR code readers may be targeting unknowing users.

The news comes in a report from SophosLabs, and it notes that as many as seven QR code readers on the Google Play Store may have been infected with malware. In addition to the QR code apps, one smart compass may have also been infected.

The malware itself is called Andr/HiddnAd-AJ, and as the name suggests, it basically plays ads on your phone — after lying low for a while to “lull you into a false sense of security.” The malware waits six hours before it springs into action and starts serving up full-screen ads and opening ads on webpages. The malware also sends users notifications with links to ads.

According to Sophos, the malicious apps were downloaded as many as 500,000 times before Google removed them from the Google Play Store, and they were able to make it through Google’s scanning by essentially hiding the hostile code in what looked to be regular Android app code. At least on the surface, the apps did what they advertised they could do. The QR code readers could still read QR codes, and if you downloaded the apps for one use, only to delete them afterwards, you likely never would have run into the ads that the apps serve up. That, plus the fact that the malicious code didn’t kick into gear until 6 hours after installation, helped the apps avoid detection.

Of course, it’s likely the incident will help Google refine its malware scanning process — so it’s entirely possible that we won’t see apps similar to this again. It’s also still recommended that you continue using Google Play, if possible. While incidents like this do happen every now and again, the fact is that downloading apps from Google is far safer than downloading them from third-party marketplaces.

“Many off-market Android app repositories have no checks at all – they’re open to anyone, which can be handy if you’re looking for unusual or highly specialized apps that wouldn’t make it onto Google Play (or trying to publish unconventional content),” said Sophos in its blog post.

Mobile

Samsung rebrands Gear app as ‘Galaxy Wearables,’ it now supports Android 9.0 Pie

Following reports that Samsung Gear owners were experiencing connectivity issues after downloading Android 9.0 Pie, the company released an update to the app. The Samsung Gear app is also now officially known as Galaxy Wearable.
Mobile

Apple says Group FaceTime will not be part of initial launch of iOS 12

At this year's Worldwide Developer Conference, Apple unveiled its latest operating system, iOS 12. From app updates to group FaceTime, ARKit 2.0, and more, here are all the new features in iOS 12.
Computing

A brand-new Mac can be hacked remotely during its first Wi-Fi connection

Researchers discovered a security flaw affecting versions of MacOS prior to 10.13.6 that allows hackers to take control of a Mac during first-time setup and device provisioning. Malicious code can then be injected into the Mac.
Mobile

The 100 best Android apps turn your phone into a jack-of-all-trades

Choosing which apps to download is tricky, especially given how enormous and cluttered the Google Play Store has become. We rounded up 100 of the best Android apps and divided them neatly, each suited for a different occasion.
Computing

Apple AR glasses will launch in 2020, says respected industry analyst

Apple AR glasses may be closer to reality than we thought. Here is everything we know so far about the augmented reality system, including the rumored specifications of Apple's Project Mirrorshades.
Mobile

Here’s how to safely download ‘Fortnite: Battle Royale’ on an Android device

'Fortnite: Battle Royale' is one of the biggest games in the world right now, and it's finally on Android, even if getting set up is a bit long-winded. Here's how to play 'Fortnite: Battle Royale' on an Android device.
Mobile

No, blue light from your cell phone won’t make you blind

A new study from the University of Toledo reveals the process by which blue light impacts the photoreceptors in our eyes and leads to macular degeneration, an incurable eye disease that causes blindness later in life. The fact that blue…
Mobile

T-Mobile attempts to reinvent customer service with its new ‘Team of Experts’

In an attempt to reinvent how it approaches customer care, T-Mobile announced its Team of Experts. Whenever a customer contacts T-Mobile, they're given direct access to the same team members each time without being put on hold or…
Wearables

Apple considers making its own health-monitoring processors

Apple could be looking at making its own dedicated health tracking processors. These chips are dedicated to health-monitoring features on wearables, and could mean more health tracking features on the next Apple Watch.
Social Media

How to use Adobe Spark Post to spice up your social media images

Images are proven to get more likes than plain text -- but only if those images are good. Adobe Spark post is an AI-powered design program for non-designers. Here's how to use it to take your social media feeds to the next level.
Mobile

Oppo F9 smartphone is a budget beauty with a teeny-tiny notch

Oppo has just unveiled the budget Oppo F9 with decidedly budget specs wrapped in an impressively attractive body with a gradient finish and a teeny tiny-notch on the nearly all-screen front. But it doesn't seem to be coming to the U.S. or…
Home Theater

Everything you need to know about Google’s Chromecast and Chromecast Ultra

Google's Chromecast plugs into your TV's HDMI port, allowing you to stream content from your tablet, laptop, or smartphone directly to your TV. Here's what you need to know about all iterations, including the 4K-ready Chromecast Ultra.
Mobile

Google One subscriptions offer more cloud storage for low prices, other perks

Can't get enough storage on Google Drive, Photos, or Gmail? Google One is the new way to boost your cloud storage. But it's not just about more space -- Google One comes with a loads of benefits.
Product Review

The gorgeous Oppo Find X plays hard to get, but is it worth the chase?

Is the Oppo Find X the most beautiful smartphone we’ve ever seen? We think it’s right up there, but because it’s an import-only phone, you’ll have to put in some effort to get one. Is it worth going the extra mile?