Android Malware: One million people downloaded these malicious apps before they were finally removed from Google Play
Google has removed a series of apps downloaded by more than a million Android users from the Google Play Store that infected smartphones with malware and attacked devices with malicious pop-up ads.
Malware has been detailed by cybersecurity researchers at Malwarebytes. The apps remained available for download for a number of days after the study was published, but they have now been removed.
“The apps identified in the report are no longer available on Google Play and the developer has been banned,” a Google spokesperson told ZDNET.
However, while the apps are no longer available for download, users who installed the apps will still be infected with malware unless they have manually uninstalled them.
Also: Public Wi-Fi Safety Tips: Protect yourself from malware and security threats
The four apps that have been identified as malicious are from a developer called Mobile apps Group and are called ‘Bluetooth Auto Connect’, ‘Bluetooth App Sender’, ‘Mobile transfer: smart switch’ and ‘Driver: Bluetooth, Wi-Fi, USB’.
The Bluetooth Auto Connect app alone has more than a million downloads and was first uploaded to Google Play two years ago.
According to the researchers, the apps don’t have any malicious intent for at least a few days after their initial installation. And malware not just immediately attack the victim with pop-ups and malicious links after the operation starts. First, after the initial pop-up was displayed, the malware was instructed to wait two hours before displaying the next ad.
After this initial delay, the app repeatedly opened tabs in Google Chrome to display advertising links, in order to generate clicks to generate revenue.
Victims don’t even need to actively use their phone for pop-ups to appear – links can be opened in the background. This intrusive activity has resulted in Malwarebytes classifying the malware as trojan malwarerather than adware.
“The aggressiveness of the pop-ups – I opened my test phone to 15 open tabs in Chrome in just a few hours – and the heavy confusion is what causes us to classify it as part trojan malware,” Nathan Collier, malware intelligence analyst at Malwarebytes told ZDNET, who warned that the malware could become more dangerous in the future.
“We believe there has been enough time for phishing sites to also redirect to sites that encourage people to enter personal information.”
Also: Cybersecurity: Here are the new things to worry about in 2023
According to the researchers, this is not even the first time that Bluetooth Auto Connect or other apps affiliated with the developer have shown malicious activity. But several updates made to the app in the two years since it was first released have made it ‘clean’ for a long time.
“It looks like they are allowed to continue after uploading clean versions. This latest version uses heavy jamming to avoid detection,” Collier said.
Users who have downloaded the app should uninstall it to remove malware from their Android devices – and while Google Play is the safest place to download Android apps, be aware of what they do. download.
Some users noticed malicious behavior and complained about pop-ups in one-star reviews on the Google Play store. Paying attention to this type of information can help you avoid downloading malicious apps. ZDNET has attempted to contact the developers for comment.
MORE ABOUT CYBERSECURITY
