Three malicious apps were available for download on the Play Store, more than five million phones infected
The post talks about three apps, which are actually adware in hiding, that have managed to get themselves legitimized on the Play Store. Additionally, when downloaded, they wouldn't get to work right away – no, no – these little worms would wait for at least one device off / on cycle, and then at least a couple of days (or even up to a month!), before they start feeding the user their malicious lies. The point behind this is that, after some time, users tend to start “trusting” apps that have been quietly sitting in the drawer, not causing mischief, and would attract a minimum amount of suspicion.
Now, the apps aren't exactly dangerous, as what they do is, they give the user a fake prompt, saying that the phone has been infected, linking them to 3rd party app stores and other shady places – you know, the ones where the really dangerous stuff resides. Alternatively, they would also link to real anti-virus apps on the Play Store, which may mean that developers of said apps have been sponsoring the malware – though, we're still not in a hurry to draw such conclusions.
Of course, the idea that the blog post on Avast's own website is nothing but advertising did cross our minds, as it probably does yours. Here are the facts – the three offending apps have since been deleted from the Play Store (apps Durak, Konka Russian History, and Iwold IQ Test); the user that made the thread on Avast's forum to raise the alarm about said apps only has that 1 post, and another one in the comments section of the blog, though, they do appear legitimate to us.
source: Avast (forum) via Digital Trends