Android Warning: These Malicious Apps Have Recorded Over 1 Million Downloads From Google Play
Google has removed a series of apps downloaded by more than one million Android users from the Google Play Store that infected smartphones with malware and bombarded devices with malicious pop-up ads.
The malware has been detailed by cybersecurity researchers Malwarebytes. The apps were still available for download for several days after the research was published, but have now been removed.
“The apps identified in the report are no longer available on Google Play and the developer has been banned,” a Google spokesperson said in response to ZDNET.
However, although the apps are no longer available for download, users who have already installed the apps will still be infected with malware unless they uninstall them manually.
Also: Public Wi-Fi Security Tips: Protect Yourself Against Malware and Security Threats
The four apps identified as malicious came from a developer called Mobile apps Group and were called ‘Bluetooth Auto Connect’, ‘Bluetooth App Sender’, ‘Mobile transfer: smart switch’ and ‘Driver: Bluetooth, Wi-Fi, USB’ .
The Bluetooth Auto Connect app alone has had over a million downloads and was originally uploaded to Google Play two years ago.
According to the researchers, the apps demonstrate no malicious intent for at least two days after initial installation. And the malware doesn’t just immediately bombard victims with malicious pop-ups and links after the activity begins. First, after displaying the initial pop-up window, the malware is instructed to wait two hours before displaying the next advertisement.
After this initial delay, the app repeatedly opens tabs in Google Chrome to display ad links, which attempt to generate clicks to generate revenue.
The victim doesn’t even have to actively use their phone for the pop-ups to appear – the links can be opened in the background. This intrusive activity has led Malwarebytes to classify the malware as a Trojan rather than adware.
“The aggressiveness of the pop-ups – I once opened my test phone to fifteen open tabs in Chrome after just a few hours – and the heavy obfuscation is what led us to classify it as a Trojan” , said Nathan Collier, a malware intelligence analyst. to Malwarebytes told ZDNET, which warned that the malware could become more dangerous in the future.
“We believe that given enough time, phishing sites would also redirect to sites that encourage people to enter personal information.”
Also: Cybersecurity: These are the new things to worry about in 2023
According to the researchers, this is not even the first time that Bluetooth Auto Connect or the other apps linked to the developer have shown malicious activity. But some of the updates made to the app in the two years since its first release have kept it “clean” for periods.
“It looks like they were allowed to stay after uploading clean builds. This latest build uses heavy obfuscation to evade detection,” Collier said.
Users who have downloaded the app are recommended to uninstall it to remove malware from their Android device – and while Google Play is the safest place to download Android apps, be aware of what they are downloading .
Some users noticed the malicious behavior and complained about pop-ups in one-star reviews on the Google Play Store. Paying attention to this type of information could help you avoid downloading malicious applications. ZDNET has attempted to contact the developers for comment.