>
Researchers have discovered a collection of malicious apps in the Google Play Store that have been downloaded more than a million times.
Malwarebytes researchers detailed in a blog post (opens in new tab) how they found a total of four apps, all from the same account – Mobile Apps Group. The apps are called “Bluetooth Auto Connect”, “Driver: Bluetooth, Wi-Fi, USB”, “Mobile Transfer: Smart Switch” and “Bluetooth App Sender”. Obviously, they must all be utility apps.
However, they are really designed to bring undeserved ad revenue to the developers and sometimes even trick them into downloading infostealers, malware or other types of viruses. The researchers found that these apps contain HiddenAds – malware that becomes active a few days after the app is downloaded to better hide malicious activity.
Malicious Activity
Once the malware starts working, it does a number of things, such as opening new Chrome tabs in the background (even when the endpoint is locked) to load various ads. Sometimes these ads are completely malicious and claim that the victim’s device is infected with a virus and needs an antivirus program (opens in new tab) immediately app.
While Google is usually pretty quick about removing such apps from its app repository, these four are still active and available for download at the time of going to press. In fact, even if the company removes them, it would only protect future potential victims. The million+ users who have already downloaded these apps will not be safe until they completely remove them from their devices.
Every now and then, researchers discover malicious apps in the major mobile app repositories, the Play Store and the App Store. Despite the best efforts of Google and Apple, sometimes these apps come through, which means that just being in these stores is no guarantee that the app is “clean”. Users are advised to always read through a few reviews (especially negative ones) and look for apps with high ratings and high download numbers.