Malware has reappeared in Google Play, the official Android app marketplace, after previously being identified and removed.
Uncovered by researchers at Symantec, the malware was bundled inside at least seven different apps.
The apps were listed as emoji keyboard additions, space cleaners, calculators, app lockers, and call recorders, but none actually performed the advertised functions, and only existed to serve up malware in the form of adware to drive clicks for illicit profit.
The malware has previously appeared in the Play Store, before being removed after Google was alerted to its presence. However, the same malicious code reappeared in the official Android market place again, but with apps featuring slightly different names under the banner of a new publisher.
In order to help the apps slip past Google Play security, the malware is configured to wait four hours before starting the malicious activity. This also helps lure the user into a false sense of security about the app, so even if they notice the device acting suspiciously, they might not attribute this to the recently installed application.
Following activation, the malware looks to consolidate its position on the device by asking for administrator privileges in order to carry out its activity and make it more difficult for the app to be removed.
In order for the request to look convincing, the attackers use an official Google Play icon when asking for administrator privileges.
The goal of the malware is to deliver adware, browsers are also forced to repeatedly open scam pages featuring fake 'you won' notifications which when clicked deliver profit to the attackers.
ZDNet has approached Google for comment on how the apps were allowed to enter the Play Store after being previously identified as malware, but hasn't received a response at the time of writing.
Researchers at Symantec have also identified a further 38 malicious apps which entered the Google Play store for the first time in December. The apps claim to be games and education apps, but don't really have the functions they promise to provide.
Instead, they forcibly redirect users to install another app from the Play Store called 'Change My Voice' which does have some functionality and also displays lots of adverts -- once again used to drive click-based revenue.
At least 10,000 users in US, UK, South Africa, India, Japan, Egypt, Germany, Netherlands, and Sweden downloaded this malware before it was removed from the Play Store after Symantec informed Google.
In order to remain protected against Android malware, researchers recommend keeping software up-to-date and to pay close attention to permissions requested by apps, especially unfamiliar or unusual ones.