Millions of Android users were reportedly affected by the latest surge of Trojan apps that infiltrated Google Play store.
Despite Google's excellent security protocol in preventing data-stealing apps from proliferating, attackers still find means in order to gain money using rogue apps offered in the store.
Three recently discovered app on Google Play were reported to contain hidden adware functionality which enables it to be activated several days after the app was downloaded and installed. The rogue apps were, a game named Durak, a history app and an IQ Test app, according to PCWorld.
After installation the apps functions normally which leaves an impression that everything is tiptop. However, the hidden code inside the app activates after the device was rebooted and this is when users feel that something is not right it will then display different ads claiming that the device is at risk.
On some occasion, users are prompted to download rogue applications disguised as antivirus tools. Some reports claim that the apps sends premium text messages even if the user did not allow it.
This type of scheme is called "scareware scams" which has plagued PC user for year and has now reached the mobile platform.
To counter these attacks Google has an Android emulator called Bouncer. The emulator scans all app uploaded to Google play and observes the apps behavior after the installation. However, scarewares found a clever way of delaying its activation to a several days after it was installed in order to bypass the emulator's analysis.
Avast researcher Filip Chytry posted on his blog saying, "I believe that most people will trust that there is a problem that can be solved with one of the apps' advertised 'solutions' and will follow the recommended steps, which may lead to an investment into unwanted apps from untrusted sources."
Google has already suspended the apps but did not offer an explanation as to how the attackers managed to bypass its defenses.