14 DAY TRIAL // McAfee security researchers revealed today that they discovered dozens of Android apps infected with malware on Google's Play Store.
Researchers say the apps were infected with the Android/Clicker.G malware and only targeted Russian-speaking users.
Most of the apps never went above 5,000 downloads, and some of them provided users with a fully working interface, earning good reviews.
Malware was blasting users with ads and system update notifications
Once these apps reached Android devices, the security firm says the malware waited six hours before triggering the malicious behavior.
McAfee classifies Android/Clicker.G as adware and researchers say that every two minutes, the malware would show a popup with annoying ads or ask users to download a system update or other apps from the update-sys-android[.]com service.
The crooks behind this malware campaign didn't bother to mask their intentions because the security researchers that had a look the source code of these apps say the malicious payload was neither encrypted or obfuscated to protect it from prying eyes.
All of the apps seem to have been uploaded recently, with some of the apps submitted by a user named goasez. McAfee didn't elaborate on how the crooks managed to bypass Google's app review process and the Bouncer automatic scanner, but the company says they've reported all the apps they found infected with Android/Clicker.G.
At the time of writing, goasez's Play store profile doesn't list any apps, meaning Google intervened and removed the malicious applications.
Not the first time, certainly not the last
This is not the first time malware coders managed to go around Google's review process. According to Google's Android security report for 2015, the company explains that 0.15 percent of all Play Store app installs in 2015 contained malicious code, which translates to about one in every 666 users.
The most recent case when security firms discovered malware-infected apps on the Play Store happened at the end of April when PhishLabs experts found eleven Play Store apps phishing for banking credentials.
Previously, at the start of April, Dr.Web, a Russian antivirus maker, found 104 Android apps infected with the Android.Spy.277 spyware variant.
Before even that, at the end of February, ESET also discovered 343 Android apps infected with the Porn Clicker clickjacking malware, which worked by opening invisible browser windows to access adult websites and click on their ads.