Security firm Avast has identified a new type of malware that is posing as mobile games on Google Play. In an article posted to Avast’s blog, security researcher Filip Chytry discusses how a number of games, including a card game, an IQ test app, and a history app, all come preloaded with the same malicious software. The malware first came to the attention of Avast when one Andrei Mankevich wrote about it in a forum. According to his analysis, the malware is unique in that it does not activate immediately upon the app’s installation. Instead the app launches its malicious code after the user reboots their phone and changes the system date on the device to at least a week into the future. Once the malware activates, users receive a series of ads warning them about fake problems, such as their devices being full of porn, every time they unlock their phone. If the user clicks on the fake advert, they are redirected to other sources, where they might be asked to download fake solutions from untrusted providers. Strangely enough, the malware also at times redirects users to mobile antivirus apps on Google Play, some of which come from legitimate sources. Security researchers believe that the malware’s author wrote this function because they benefit in some way form a referral scheme. With some of the infected apps having received millions of downloads, this type of malware poses a serious risk to Android users. It is important to note that there is no way for a user to definitively identify whether a mobile app is malicious. That being said, users can check for a poorly written, incomprehensible description on the app’s landing page. They can also verify the creator of the app by visiting the publisher’s website. In the meantime, Google has suspended all of the mobile games affected by the malware.
