Several apps available in the Google Play Store that have been downloaded by a large number of users are harboring a form of malware that waits days or weeks until turning the adware on, popping up advertisements or trying to trick users into paying for content or breaching their privacy.
The most popular of these apps, a card game called Durak has over 5 million installations. Other infected apps include an IQ test app, having 1-5 million installations, and a history app, which has been installed in thousands of devices.
According to Avast researcher Filip Chytry, these apps act normally when you install them. "This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device. Some of the apps wait up to 30 days until they show their true colors."
Once the malware gets activated, you start seeing ads every time you unlock your device. These ads are disguised as warning messages saying that your device is infected, out of date, or full of porn. "This, of course, is a complete lie," Chytry said
You are then asked take action, and if you approve you get re-directed to downloads of other infected apps that either send premium SMSes or collect too much of your personal data. Surprisingly, you are sometimes directed to legitimate security apps on Google Play, such as one from antivirus provider Quihoo 360, although even if you install these apps, the undesirable ads popping up on your phone don‘t stop.
Acting swiftly, Google has pulled the apps from the Play Store.