Android Apps with Malware Get 1M+ Installs on Google Play

Four malicious apps have been found in Google Play according to Bleeping Computer. It directs users to sites that steal sensitive information or generate revenue for operators per click. The sites may also offer downloads for fake security apps or updates, which may cause victims to download malware manually.

The apps that contain malware are still on Google Play, as of today, November 2nd. The infected apps are under the developer called Mobile apps Group, where they managed to get more than one million downloads.

According to Malwarebytes, the developer has been identified as having apps infected with Android/Troja.HiddenAds.BTGTHB, but was allowed to continue since it published cleaned versions of its apps.

The Apps

The four apps are the following:

  • Bluetooth Autoconnect (1M+ downloads)

  • Driver: Bluetooth, Wi-Fi, USB (10k+ downloads)

  • Bluetooth App (50k+ downloads)

  • Mobile Transfer: smart switch (1K+ downloads)

Bluetooth Autoconnect, which holds the most downloads among the four, is the only app under the Mobile apps Group that has reviews. One review stated that ads automatically opened browsers. However, some claimed that the app does work, despite all the adware.

It was reported that it took 72 hours after downloading the app before it starts showing ads. After that, it will start opening phishing links in the user's web browser, which will continue to happen every two hours.

The delay's purpose is for the apps to avoid being detected by malware developers. While some are harmless like leading users to pay-per-view sites, others can be harmful. One instance is that users will be told to update the cleaner for their devices, and even has a countdown where users can download it for free.

Researchers also mentioned that this can happen even if the device is locked. So even if the user is not using their phones, it will still open up in their browsers. Through analyzing the Manifest file, the developers attempted to hide the logs for the actions by labeling the log descriptor as "sdfsdf."

Previous Incidents

Back in September, there were also reports of several apps that had malware and adware, as mentioned in Tom's Guide. There are 36 of these apps posing as image-editing tools, virtual keyboards, system optimizers, live wallpapers, and more.

While the apps prove to be useful, they are full of ads. These apps also push users to buy the premium version, wherein the app will steal social media accounts. Google has already removed most of these apps, but users will have to uninstall them manually. Delete these apps if you have them:

  • Photo Editor: Beauty Filter

  • Photo Editor: Retouch & Cutout

  • Photo Editor: Art Filters

  • Photo Editor - Design Maker

  • Photo Editor & Background Eraser

  • Photo & Exif Editor

  • Photo Editor - Filters Effects

  • Photo Filters & Effects

  • Photo Editor: Blur Image

  • Photo Editor: Cut, Paste

  • Emoji Keyboard: Stickers & GIF

  • Neon Theme Keyboard

  • Neon Theme - Android Keyboard

  • Cache Cleaner

  • FastCleaner: Cashe Cleaner

  • Call Skins - Caller Themes

  • Funny Caller

  • CallMe Phone Themes

  • InCall: Contact Background

  • MyCall - Call Personalization

  • Caller Theme

  • Caller Theme

  • Funny Wallpapers - Live Screen

  • 4K Wallpapers Auto Changer

  • NewScrean: 4D Wallpapers

  • Stock Wallpapers & Backgrounds

  • Notes - reminders and lists

These apps can add themselves to the battery saver's exclusion lists, so users will not be able to detect the app that has been running in the background. They can also hide the app icon by replacing it with a different one, like a core system component such as "SIM Toolkit."

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost

Real Time Analytics