Researchers have uncovered a collection of malicious apps on the Google Play Store that have been downloaded more than a million times.
Researchers from Malwarebytes detailed in a blog post how they found a total of four apps, all from the same account - Mobile apps Group. The apps are called “Bluetooth Auto Connect”, “Driver: Bluetooth, Wi-Fi, USB”, “Mobile Transfer: Smart Switch”, and “Bluetooth App Sender”. Clearly, all of them are supposed to be utility apps.
However, what they are really designed to do is bring undeserved ad revenue to the developers, and sometimes even trick them into downloading infostealers, malware, or other types of viruses. The researchers discovered these apps carrying HiddenAds - malware that actives a few days after the app had been downloaded, in order to better conceal malicious activity.
Malicious activity
Once the malware starts working, it does a number of things, such as opening up new Chrome tabs in the background (even when the endpoint is locked) to load various ads. Sometimes, these ads are full-blown malicious, claiming the victim’s device is infected with a virus and needs an antivirus app immediately.
While Google is usually pretty fast at removing such apps from its app repository, these four are still active and downloadable at press time. What’s more, even if the company removes them, it would only protect future potential victims. The million+ users that have already downloaded these apps won’t be safe unless they remove them from their devices completely.
Every now and then, researchers discover malicious apps sitting in major mobile app repositories, Play Store and App Store. Despite Google’s and Apple’s best efforts, sometimes these apps make it through, meaning simply being in these stores is no guarantee the app is “clean”. Users are advised to always read through a few reviews (negative ones, particularly), and look for apps with high ratings and high download counts.
- Check out our rundown of the best ID theft protection tools right now
