500,000 users downloaded QR code apps with embedded malware from Google Play

Security company Sophos reports that as many as seven QR code reader apps on the Google Play Store carried malware, along with one smart compass app.

The malware, which Sophos calls Andr/HiddnAd-AJ, is adware: it serves ads on your phone, but only after lying low for a while to “lull you into a false sense of security.” The malware waits six hours before it springs into action, then serves full-screen ads, opens ad pages in the browser, and pushes notifications with links to more ads.
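The six-hour wait is the detail a reviewer can actually look for: fixed multi-hour timers are rare in legitimate app start-up code. The following static triage heuristic is an added example for this article, not code from Sophos or from the apps it describes. It assumes the input is Java-like text produced by a decompiler such as jadx, resolves simple constants and TimeUnit conversions, and flags Android scheduling calls whose fixed delay is an hour or more (the one-hour threshold is an assumption for the example; the sample source is constructed).

```python
"""Static triage heuristic for 'lie low, then act' timers in decompiled Android code.

Added example for this article; not code from Sophos or from the apps it
describes. Input is assumed to be Java-like text produced by a decompiler
such as jadx; the sample below is constructed for the example.
"""
import re
from typing import Dict, List, Tuple

ONE_HOUR_MS = 60 * 60 * 1000  # assumed threshold: fixed delays this long deserve a look

# Real Android/Java scheduling calls whose arguments carry a delay or trigger time.
SCHEDULING_CALLS = (
    "postDelayed", "postAtTime", "setExact", "setExactAndAllowWhileIdle",
    "setRepeating", "scheduleAtFixedRate", "setMinimumLatency",
)
TIMEUNIT_MS = {"DAYS": 86_400_000, "HOURS": 3_600_000, "MINUTES": 60_000,
               "SECONDS": 1_000, "MILLISECONDS": 1}

CALL_RE = re.compile(r"\b(" + "|".join(SCHEDULING_CALLS) + r")\s*\(([^;]*)\)")
CONST_RE = re.compile(r"final\s+(?:long|int)\s+(\w+)\s*=\s*([^;]+);")
TIMEUNIT_RE = re.compile(r"TimeUnit\.(\w+)\.toMillis\(\s*(\d+)\s*\)")
# An integer literal or a product of integer literals, e.g. 21600000L or 6 * 60 * 60 * 1000
PRODUCT_RE = re.compile(r"(?<![\w.])\d+L?(?:\s*\*\s*\d+L?)*(?![\w.])")


def eval_product(text: str) -> int:
    """Evaluate '6 * 60 * 60 * 1000L' -> 21600000 (Java long suffix tolerated)."""
    value = 1
    for part in text.split("*"):
        value *= int(part.strip().rstrip("L"))
    return value


def largest_ms_value(expr: str, constants: Dict[str, int]) -> int:
    """Largest millisecond quantity readable from an argument list (0 if none).

    Heuristic: TimeUnit.X.toMillis(n) calls and known constants are folded to
    literals first; sums and other arithmetic are not evaluated, only the
    biggest literal or product is reported.
    """
    expr = TIMEUNIT_RE.sub(
        lambda m: str(int(m.group(2)) * TIMEUNIT_MS.get(m.group(1), 0)), expr)
    for name, val in constants.items():
        expr = re.sub(rf"\b{re.escape(name)}\b", str(val), expr)
    return max((eval_product(m.group(0)) for m in PRODUCT_RE.finditer(expr)), default=0)


def find_long_delays(source: str, threshold_ms: int = ONE_HOUR_MS) -> List[Tuple[int, str, int]]:
    """Return (line number, call name, delay in ms) for scheduling calls with long fixed delays."""
    constants = {m.group(1): largest_ms_value(m.group(2), {}) for m in CONST_RE.finditer(source)}
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for call in CALL_RE.finditer(line):
            delay = largest_ms_value(call.group(2), constants)
            if delay >= threshold_ms:
                hits.append((lineno, call.group(1), delay))
    return hits


# Constructed decompiled-source fragment for this example; not real app code.
SAMPLE = """\
// Constructed decompiled-source fragment for this example; not real app code.
public class StartReceiver extends BroadcastReceiver {
    private static final long WAIT_MS = 6 * 60 * 60 * 1000L;   // six hours
    public void onReceive(Context ctx, Intent intent) {
        handler.postDelayed(new ShowAds(), WAIT_MS);            // delay via constant
        handler.postDelayed(new Heartbeat(), 500);              // benign short delay
        alarms.setExact(AlarmManager.RTC_WAKEUP, System.currentTimeMillis() + 21600000L, pi);
        pool.scheduleAtFixedRate(task, TimeUnit.HOURS.toMillis(6), 60000, TimeUnit.MILLISECONDS);
    }
}
"""

if __name__ == "__main__":
    for lineno, call, delay in find_long_delays(SAMPLE):
        print(f"line {lineno}: {call}() with fixed delay of {delay / 3_600_000:.1f} h")
```

Run it over a decompiled tree with `find_long_delays(open(path).read())` per file; hits on a receiver or service that fires at install or boot are the ones worth opening by hand. It is only a triage filter: delays computed at runtime, stored in preferences, or obfuscated with string decoding will not show up, so a clean result is not a clean bill of health.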

According to Sophos, the malicious apps were downloaded as many as 500,000 times before Google removed them from the Play Store. They got past Google's automated scanning by hiding the hostile code inside what looked like ordinary Android app code.

Sophos still recommends using Google Play where you can: while it is not perfect, its scrutiny still makes it safer than many third-party stores. Incidents like this mainly serve as reminders to stay skeptical and to double-check the nature of apps on Google Play, even when they seem legitimate on the surface.