A group of malicious apps capable of phishing attacks has been discovered on the Google Play Store, with up to one million installs, according to security researchers from US internet security firm Malwarebytes Labs. These malicious Android apps were developed by a common developer named Mobile apps Group.
Older versions of these rogue apps were previously detected as different variants of Android/Trojan.HiddenAds. Surprisingly, the developer Mobile apps Group is still active on the official Google Play Store and spreading its “HiddenAds” malware. The developer was allowed to publish apps after submitting clean versions.
“A family of malicious apps from developer Mobile apps Group is listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. A total of four apps are listed and together they have amassed at least one million downloads,” Nathan Collier, Senior Malware Intelligence Analyst at Malwarebytes, wrote in a blog post.
The four malicious Android apps discovered this time are Bluetooth Auto Connect, with over 1,000,000 installs; Bluetooth App Sender, with over 50,000 downloads; Driver: Bluetooth, Wi-Fi, USB, with over 10,000 installs; and Mobile transfer: smart switch, with more than 1,000 installations.
It should be noted that these apps have not received good reviews on the Google Play Store, with users writing that they are full of intrusive ads that automatically open in new browser tabs.
Since these four rogue apps are listed on the Google Play Store and can be discovered easily, we recommend that users uninstall them immediately. According to security researchers from Malwarebytes Labs, these apps contain a lot of malware while claiming to ensure strong Bluetooth pairing with any device.
“Our analysis of this malware starts by looking for an app named Bluetooth Auto Connect (full info about the app at the bottom of this article). When users first install this rogue app, it takes a few days before it starts displaying malicious behavior. Delaying malicious behavior is a common tactic to evade detection by malware developers. This app turns out to use a lot of delays, as you’ll find out in our review,” added Collier.