The Android.virus.adcheat.outappad.wau Virus Detection

Home » Mobile Threats » The Android.virus.adcheat.outappad.wau Virus Detection
Updated
October 4 2024

Author
Nathan Bookshire

The Android.virus.adcheat.outappad.wau detection is specific to android devices (obviously) that have an anti-virus program. The weird thing in this case is that these AV programs remove apps even from the Google Play store – meaning if this can be believed even app store programs are infected.

289937314 C47f1fd0e109777657c2fd1922159624 800

From the information I can see at this moment, it’s not clear whether this is a false-positive of some sort, but by my experience – it’s not. From what I gathered it infects predominantly Russia based users. When such infections are geographically locked, there are 3 main factors to take into account:

  1. Either one AV program is causing this mess detecting the same thing, and from what I can tell, that’s not the case. It’s detected by an in-built Android system.
  2. When all attack vectors come through one single country, then it’s highly suspicious and warrants a deeper look. But at this point the problem is that most of the infected apps seem to be localized. I urge everyone to read the list below and uninstall the apps we outlined there.
  3. If users are downloading the apps from an unofficial source, then that’s 100% the reason. I understand

Android.virus.adcheat.outappad.wau is likely hijacking downloads somehow and that’s only for Russian users. I highly doubt all the apps that show up as infected are actually infected in Google’s app store.

Currently, the only app I found to be infected, and I could test, was Ei Samay. I doubt it’s the only one, though:

https://play.google.com/store/apps/details?id=com.eisamay.reader&hl=en

If you are using it, I suggest uninstalling it for the time being while all of this is sorted out.

A few suggestions on my end:

  • Change any password that you used in an infected app. It’s likely that the password is no longer safe, and the attackers also have your email address.
  • Stay away from unofficial places to download APKs. If you don’t plan on heeding this, at least research online if the source is safe or not.
  • Look at user reviews on the Google play store for the app you’ve chosen.
  • If the problems persist, as a last resort, you can always factory reset your phone.

Nathan Bookshire

3 responses to “The Android.virus.adcheat.outappad.wau Virus Detection”
  1. Kelly Avatar
    Kelly

    All these detections are solely connected to the android package names (detection appears even on empty apps with same package name), so it seems like an attempt to ruin someone’s apps. It’s connection solely to Russian Apps gives a hint it might be a hackers from Ukraine atack or somewhat similar.
    It is also believed that the primary antivirus detecting this app is the Avast engine (CZ).

    Reply
  2. Egor Avatar
    Egor

    DNS Shop app is also infected with this virus

    Reply
  3. Andrew Avatar
    Andrew

    Camhi is also infected. There’s feedback for this application in google play mentioning this virus in Ukrainian so the issue may not be limited to Russian users.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Is Your PC Secure?

Protect your PC & prevent malware with SpyHunter (Try Free For 7 Days*)

Download SpyHunter Now
(Windows)