Google is now getting better at maintaining Android malware out of its Play Store, and that is urging attackers to make use of more sophisticated disguises for their rogue apps. SophosLabs has evidence: it recently revealed an ad-spawning malware strain called the Andr/HiddnAd-AJ, that was able to slip into Google Play via innocent-looking compass and QR code apps. While that is nothing new by itself, the said malware made use of a pair of tricks to fabricate innocence. The hostile code was hidden in what looked like a regular Android programming library, and it did not kick in until 6 hours after the user has installed it.
The team of Google has since pulled out the malware-laden apps from the Play Store, and it usually learns from incidents such as this as it refines the anti-malware scanning tools of the company. And Sophos still recommends making use of Google Play if you can — while it is not perfect, its scrutiny still makes it safer compared to many third-party stores. Incidents such as this one mainly serve as reminders for the users to stay sceptical and double-check the nature of the apps that they download from Google Play, even if they appear to be legitimate on the surface.