A group of malware apps that are capable of phishing attacks have been discovered to be on the Google Play Store with installations of as many as one million downloads, say security researchers at American Internet security company Malwarebytes Labs. These malicious Android apps have been developed by a common developer named Mobile apps Group.
Older versions of these malware apps were previously detected as different variants of Android/Trojan.HiddenAds. Shockingly, the developer Mobile apps Group is still active on the official Google Play Store dispensing its “HiddenAds” malware. The developer was allowed to publish apps after submitting cleaned versions.
“A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads,” Nathan Collier, Senior Malware Intelligence Analyst at Malwarebytes wrote in a blog post.
The four malicious Android apps discovered this time include Bluetooth Auto Connect, with over 1,000,000 installs, Bluetooth App Sender, with over 50,000 downloads, Driver: Bluetooth, Wi-Fi, USB, with over 10,000 installs and Mobile transfer: smart switch, with over 1,000 installs.
It should be noted that these apps have not received good reviews on the Google Play Store with users writing that these are full of intrusive advertisements that open in new browser tabs automatically.
Since these four malicious apps are listed on Google Play Store and can be discovered easily, we recommend users to uninstall them immediately. According to the security researchers at Malwarebytes Labs, contain these apps are full of malware and are claimed to guarantee a strong Bluetooth pairing with any device.
“Our analysis of this malware starts with us finding an app named Bluetooth Auto Connect (full app information at the bottom of this article). When users first install this malicious app, it takes a couple of days before it begins to display malicious behaviour. Delaying malicious behaviour is a common tactic to evade detection by malware developers. It turns out that this app uses delays quite a bit, as you’ll discover in our analysis,” Collier added.