Scoopfeeds — Intelligent news, curated.
computer-science

A new Android malware from Google

Hacker News · Jul 2, 2026, 3:00 AM · Also reported by 2 other sources

Key takeaways

  • If you are running Android 8 or higher, a virus has been installed on your device and is silently awaiting remote activation.
  • The service cannot be blocked, disabled, or removed.
  • That is because it is Google themselves who is propagating ADV.

If you are running Android 8 or higher, a virus has been installed on your device and is silently awaiting remote activation. Over the past few months, devices around the world have been infected with this novel strain, with as many as 4 billion Android handsets and tablets estimated to have already been contaminated, meaning that around half of all humanity may be at risk from this threat.

Disguising itself as the innocuously-titled “Android Developer Verifier” (ADV) process, this trojan horse runs surreptitiously in the background as a system service with full root privileges, quietly awaiting an activation signal. The service cannot be blocked, disabled, or removed. Unlike a commonplace bit of malware, this extraordinary strain won’t be detected and neutralized by Play Protect (the malware scanning and remediation service that is installed on all Android Certified devices). In fact, Play Protect is itself the vector through which this virus is transmitted and installed.

That is because it is Google themselves who is propagating ADV. And once activated, this malevolent process has exactly one goal: to block you from running software by developers who haven’t been approved centrally by Google.

Article preview — originally published by Hacker News. Full story at the source.
Read full story on Hacker News → More top stories

Also covered by

Aggregated and edited by the Scoop newsroom. We surface news from Hacker News alongside other reporting so you can compare coverage in one place. Editorial policy · Corrections · About Scoop