Android malware: One million downloads of these malicious apps before they were finally removed from Google Play
Google has removed a series of apps downloaded by more than a million Android users from the Google Play Store that infected smartphones with malware and bombarded devices with malicious pop-up ads.
The malware was detailed by Malwarebytes cybersecurity researchers. The apps were still available for download for a few days after the research was published, but have now been removed.
“The apps identified in the report are no longer available on Google Play and the developer has been banned,” a Google spokesperson told ZDNET.
Although the apps can no longer be downloaded, users who have already installed them will remain infected with the malware unless they manually remove the apps.
The four apps identified as malicious are from a developer called Mobile Apps Group and are named ‘Bluetooth Auto Connect’, ‘Bluetooth App Sender’, ‘Mobile Transfer: Smart Switch’ and ‘Driver: Bluetooth, Wi-Fi, USB’.
The Bluetooth Auto Connect app alone boasts over a million downloads and was first uploaded to Google Play two years ago.
According to the researchers, the apps do not show malicious intent for at least a few days after initial installation. Even once the activity begins, the malware does not immediately bombard victims with pop-ups and malicious links: after the initial pop-up appears, it waits two hours before displaying the next ad.
After this initial delay, the app repeatedly opens tabs in Google Chrome to display ad links that attempt to generate clicks and, through them, revenue.
The victim does not need to be actively using their phone for the pop-ups to appear – the links can be opened in the background. This intrusive activity led to Malwarebytes classifying the malware as a Trojan rather than adware.
“It’s the aggressiveness of the pop-ups—I once had fifteen tabs open in Chrome on my test phone after just a few hours—and the sheer obfuscation that led us to classify it as Trojan malware,” Nathan Collier, a malware intelligence analyst at Malwarebytes, told ZDNET, warning that the malware could become more dangerous in the future.
“We believe that given enough time, phishing sites will also redirect people to sites that encourage people to provide personal information.”
According to the researchers, this is not the first time that Bluetooth Auto Connect or other applications associated with the developer have shown malicious activity. But in the two years since its first release, some of the updates to the app have made it “clean” for a while.
“It appears they may have remained on after the clean versions were uploaded. This latest version uses heavy obfuscation to avoid detection,” Collier said.
We recommend that users who have downloaded any of these apps uninstall them to remove the malware from their Android devices. Even though Google Play is the safest place to download Android apps, be careful what you download.
Some users noticed the malicious behavior and complained about pop-ups in one-star reviews on the Google Play Store. Paying attention to this kind of information can help you avoid downloading malicious apps. ZDNET has attempted to contact the developers for comment.