More than a hundred applications currently available on the Play Store hide adware that has already been installed on millions of devices.

White Ops, a company specialized in cyber security, has just published a study in which it shows that a hundred applications available on the Google Play Store and downloaded by more than 4.6 million devices contain adware that broadcasts advertisements fraudulent (even when the offending app is closed).

Millions of infected smartphones

This new malware has the distinction of triggering itself silently to display pop-up advertising on users’ devices when the time comes. All the affected applications have in common the use of a code library called “Soraka” (from which the malware takes its name), and a variant called “Sogo”.

Among the rogue applications discovered by White Ops, we can find Best Fortune Explorer, an application published last September. It passes unhindered under the radar of antivirus scans and already accounts for more than 170,000 downloads.

Adware gone unnoticed on the Play Store

Soraka’s mode of operation is rather sophisticated. The code found in these infected apps indicates that a filter system is in place to determine if certain conditions are met to display unwanted advertising on the user’s device.

Animated GIF - Find & Share on GIPHY

The display of advertisement pages is not done immediately after installing the stolen applications. Soraka waits a bit before triggering, and this to dodge detection by the various antivirus scanning tools. The advertisements are then displayed when the user unlocks their screen, but without any application being opened, just to confuse the trail and prevent the user from identifying the application that is behind it.