Malicious applications continue to roam freely in the official Android app store. Despite the protection measures of the Internet giant and how quickly they act to delete them from the Google Play Store when they are detected, although in cases like today’s, they remain active in the store and compromise the security of users.
On this occasion, a set of four Android applications published by the same have been discovered developer named Mobile apps Group that directed victims to malicious websites as part of an adware and information theft campaign.
4 Android apps to avoid
According to the cybersecurity firm malwarebytes, these applications, which are still available in the Google Play Store, accumulate a total of more than a million downloads, which gives an idea of the danger and how it has spread. You yourself, or perhaps a family member or acquaintance, could still have them on your mobile without knowing that they are harmful. These are designed to generate revenue through pay-per-click advertisements, and worse, they entice users to install cleaner apps on their phones in order to deploy additional malware.
-
Bluetooth App Sender (com.bluetooth.share.app) – over 50,000 downloads
-
Bluetooth Auto Connect (com.bluetooth.autoconnect.anybtdevices) – over 1,000,000 downloads
-
Driver: Bluetooth, Wi-Fi, USB (com.driver.finder.bluetooth.wifi.usb) – 10,000+ downloads
-
Mobile transfer: smart switch (com.mobile.faster.transfer.smart.switch) – over 1,000 downloads
It’s no surprise that malicious apps have come up with new ways to bypass the Google Play Store’s security protections. One of the most popular tactics adopted by threat actors is to introduce time-based delays to hide their malicious behavior. Malwarebytes’ analysis found that apps had a waiting period of about four days before opening the first phishing site in the Chrome browser, and then launching more tabs every two hours.
A phishing nightmare
The content of phishing sites varies: some are harmless sites used simply to produce pay-per-clicks, and others are more dangerous phishing sites that attempt to trick unsuspecting users. For example, a site contains adult content that leads to phishing pages that tell the user that they have been infected or that they need to upgrade.
Chrome tabs open in the background even when the mobile device is locked. When the user unlocks their device, Chrome opens with the latest site. A new tab with a new site is opened frequently, and as a result, unlocking the phone after several hours means closing multiple tabs. Users’ browser history will also be a long list of nasty phishing sites.
The apps are part of a larger malware operation called HiddenAds, which has been active since at least June 2019 and has a history of illicit profits by redirecting users to ads.
