While Google is working hard to keep Android malware out of the Play Store, this also means that attackers are using more sophisticated methods. According to details provided by SophosLabs, they provided information on a recent ad-spawning malware strain, Andr/HiddnAd-AJ, which slipped into the Google Play Store through innocent-looking QR code and compass apps.
Apparently, the malware used a pair of tricks to slip past all currently placed safe guards. The malware code was buried in what appeared like a regular Android programming library, and didn’t go for until 6 hours after it was installed.
Google’s team have pulled the malware-ridden apps, and learns of these incidents as it refines its anti-malware scanning tools. Sophos in its part has said to continue using Google Play if you can. While it’s not perfect, it’s still safer to use than many other third-party stores. Incidents like this can happen, but Google Play is still one of the safest to use.