Android viruses are rare, but they exist. Almost exclusively installed via dodgy apps, the best way to avoid an Android virus is to keep to the secured confines of the Google Play store. Even if you’re careful about avoiding sketchy websites and apps, however, there’s nothing you can do if your smartphone has malware built in.
A recent report from the Avast Threat Labs has found adware pre-installed on several hundred different Android device models and versions, including devices from manufacturers like ZTE, Archos, and myPhone. The majority of these devices are not certified by Google.
The payload APK contains Google, Facebook and Baidu ad frameworks. It is able to detect any antivirus software, and will “hold back any suspicious actions in this case,” said Avast. If not, it will show popup ads for sketchy games while you surf on your default browser. That’s already a big nuisance but could get a lot worse if you actually installed any of the games.
The samples appeared to be like any other adware sample, with the exception that the adware appeared to have no point of infection and several similar package names, the most common being:
According to our statistics, users in over 90 countries are affected. The top ten over the last month are Russia, Italy, Germany, the United Kingdom, Ukraine, Portugal, Venezuela, Greece, France, and Romania.
The solution Avast gave is to use its Avast Mobile Security, which can protect against viruses & other types of malware on Android devices. It can also detect and uninstall the payload, but it cannot acquire the permissions required to disable the dropper, so Google Play Protect has to do the heavy lifting. If your device is infected, it should automatically disable both the dropper and the payload.
Via Avast Blog.