Bad apps from Google Play infect millions of Android devices


If your device has been bedeviled by pop-up ads, these months-old apps might be why

If your Android phone or tablet has been acting funny lately, especially if malware-infested pop-up ads keep erupting on your screen, some months-old entertainment apps you downloaded from the Google Play store might be to blame.

Yesterday, the Avast security blog reported the discovery that several popular apps, including the English-language card game Durak, and a Russian-language IQ test and history app, not only infected devices with nasty malware, but waited up to 30 days after installation to kick in, thus making it harder to figure out which app is causing the problem.

Avast posted this announcement Tuesday morning, and by 6 p.m. Eastern time that evening, Google removed those three apps from the Google Play store.

It's not known exactly how many devices are infected by this malware, but Google's statistics say that since December, Durak was installed between 5 and 10 million times. Avast explained how the malware infection played out:

When you install Durak, it seems to be a completely normal and well working gaming app. … This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device. Some of the apps wait up to 30 days until they show their true colors. After 30 days, I guess not many people would know which app is causing abnormal behavior on their phone, right?

"A complete lie"

Once the malware activated, you'd see pop-up ads every time you unlocked your device. These pop-up ads would warn you about an alleged problem with your phone – it's infected, out of date, and/or riddled with pornographic content, for example – and urge you to click on the ad and follow its instructions.

Of course, Avast notes, these claims are “a complete lie,” and if you actually respond to the ads “you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value.”

Until fairly recently, smartphones and apps had a reputation for being very safe, even malware-proof, compared to regular Internet-connected computers. Only last August, security researchers from the University of Michigan and the University of California/Riverside made headlines after discovering a previously unknown security weakness in Android, Windows and iOS mobile operating systems – basically, that such devices were vulnerable to the app equivalent of malware.

And only last November, the first malware app to threaten iPhones and iPads was discovered.

But in both of those instances, the warnings of dangerous phone apps were tempered by assurances that these dangerous apps tended to be sold only on third-party stores — stay away from third parties and stick to officially approved apps, said the conventional wisdom, and you'll be safe.

That conventional wisdom from 2014 proved wrong before the New Year of 2015 was even a week old. On Jan. 6, the Lookout security blog discovered and reported another (now-removed) bad app on Google Play: SocialPath malware that “pretends to protect your data, then steals it.”

As of press time, Avast (and presumably Google's own security team) is inspecting other Google Play apps, to see if any more malware-infected ones remain to be discovered. If you're getting adware pop-ups on your Android, and you do not have Durak or any Russian-language apps loaded onto it, remember: the problem might be caused by whichever app you most recently installed ... but it might also be a delayed reaction from an app you added up to a month ago.