Just took an urgent call from a client who was concerned their Android phone had been hacked. Adverts were appearing featuring the following URLs (don’t worry – they are disabled):
These were pop-up adverts that just appeared, covering the whole screen. I immediately suggested my client install Malwarebytes – a program that detects adware/spyware and other malicious software. She did so and Malwarebytes identified an app called ‘Etsy’ to be the culprit. It had been infected with an adware (a piece of software that pushes invasive/obtrusive adverts out to the user), called AdultSwine.
With no alternative, I suggested that she remove the app. It is important here to point out that there are often apps with deliberately similar names that look like genuine apps, and there is no way at this stage to determine whether the ‘Etsy’ app that my client downloaded was the real one. In any case, there are clearly questions to put to Google around how they could permit infected applications to be available on their play store, especialy ones that deliberately mislead users into downloading them, in the belief they are genuine.
The problem immediately stopped. She then told me that she had only downloaded the app today (21st January 2018) at around midday.
According to security research company Checkpoint, the malware has infected over 60 applications on the Google Play store, and these ‘apps’ have been downloaded between 3 and 7 million times. Their full article can be read here.
Stay safe. Keep your phone updated. And use a good malware protection application.