* UPDATE: CooTek, makers of the popular TouchPal keyboard, contacted us to explain that the issue with the rogue ad plug-in has been sorted out. Actually, it is stated that the problem has been resolved months ago, before it was even made public. Currently, no CooTek apps are said to experience the issue.
According to Ars Technica, adware named BeiTaAd was hidden in 238 apps found in the Google Play Store. The apps, which had more than 440 million installs, played ads to help the hackers collect revenue. And with the hundreds of millions of screens at their disposal, the scheme certainly paid off handsomely for those behind it.
Part of the problem is that Android users installing one of the infected apps might not have noticed anything untoward in their behavior for a period of 24 hours to as long as two weeks. Once the adware kicked in, the BeiTaAd plugin started to deliver what is known as out-of-app-ads. These appear on lock screens, not inside an app (hence the name) and run audio and video at haphazard times.
A post in the Android Forum from November was written by someone with a friend using the Samsung Galaxy S8 on AT&T. The post noted that this person had the BeiTaAd plugin on her phone and couldn't remove it. Another post was made by a gentleman whose wife also had the BeiTaAd plugin installed on her handset, running ads at random times. The malware, said the husband, made his wife's phone "unusable."
Mobile security firm Lookout noted that those behind the 238 malicious apps went to great lengths to hide the presence of the plugin. All of the apps involved were published by a Chinese-based company called CooTek and all CooTek apps contained the plugin. Lookout reported the names of the 238 apps to Google, and the latter removed all of them from the Google Play Store. Since this scheme had been running for months, we wonder how these malware filled apps managed to elude detection from Google's Play Protect system.