If you're an Android user who likes to try new apps, your smartphone could be at risk for the next big security threat.
The Prague-based antivirus provider Avast says it received a tip earlier this week that certain apps available on GooglePlay might be infected with malware. Filip Chytry, an analyst with Avast, wrote in a post on the company’s blog Tuesday that upon first glance it didn't seem like anything extraordinary – but then he took a deeper look.
"First of all, the apps are on Google Play, meaning that they have a huge target audience – in English-speaking and other language regions as well. Second, the apps were already downloaded by millions of users and third, I was surprised that the adware lead to some legitimate companies," Chytry wrote.
Among the malicious apps were Durak, a card game, as well as an IQ test and history game app. The names of the latter two remain as mysteries since Avast only refers to them generically with links to pages that are now unavailable since the apps have been removed.
The Daily Mail reported that combined, the three apps combined account for about 15 million GooglePlay downloads. It's important to note, however, that the number accounts only for the number of downloads — not necessarily the number of devices that have become infected.
Chytry said that immediately after users had downloaded and installed these particular apps, everything seemed to work normally, but that sense of normalcy lasted only until two days after the user rebooted the phone.
"After a week, you might start to feel there is something wrong with your device. Some of the apps wait up to 30 days until they show their true colors," Chytry said.
That's important because, as the analyst noted, "After 30 days, I guess not many people would know which app is causing abnormal behavior on their phone, right?"
Once the device begins to show signs of infection, Chytry said users can expect to receive a warning on their unlock screen after rebooting. Examples of the warnings state that the phone has become infected, is out of date or is full of pornography, all of which are false at that point.
The warning then prompts users to act upon the perceived threats by tapping an "update" icon that redirects them to a phony app store where hackers can then collect unknown amounts of data stored on the device. But the false warnings don't always direct users to a phony app store.
Indeed, some users have even been redirected to available security apps on GooglePlay, which in and of themselves aren't believed to cause any harm. The headache only comes when users start seeing nonstop ads, even if they install the security app afterward.
"Most people won‘t be able to find the source of the problem and will face fake ads each time they unlock their device. I believe that most people will trust that there is a problem that can be solved with one of the apps advertised 'solutions' and will follow the recommended steps, which may lead to an investment into unwanted apps from untrusted sources," Chytry said.
Google has since removed the infected apps from GooglePlay, a company spokeswoman told Arstechnica, but several apps with the same name were still available as of Wednesday morning. Google did not immediately respond to questions from TheBlaze.
There's currently no sure way to know whether an app is infected until after the damage has been done. Precautions users can take on their own include only installing apps with large numbers of downloads with popular developers. But even that doesn't eliminate the risk of acquiring unwanted malware or viruses since some hackers pose as legitimate programs, Arstechnica reported.
(H/T: Daily Mail)
Follow Jon Street (@JonStreet) on Twitter