Four malicious apps have been found in Google Play, according to Bleeping Computer. The apps direct users to sites that steal sensitive information or generate revenue for their operators per click. The sites may also offer downloads for fake security apps or updates, which may cause victims to download malware manually.
The apps that contain malware are still on Google Play as of today, November 2nd. The infected apps are published under a developer called Mobile apps Group, which has managed to get more than one million downloads.
According to Malwarebytes, the developer has been identified as having apps infected with Android/Trojan.HiddenAds.BTGTHB, but was allowed to continue publishing since it released cleaned versions of its apps.
The Apps
The four apps are the following:
Bluetooth Autoconnect (1M+ downloads)
Driver: Bluetooth, Wi-Fi, USB (10k+ downloads)
Bluetooth App (50k+ downloads)
Mobile Transfer: smart switch (1K+ downloads)
Bluetooth Autoconnect, which holds the most downloads among the four, is the only app under the Mobile apps Group that has reviews. One review stated that ads automatically opened browsers. However, some claimed that the app does work, despite all the adware.
It was reported that the app waits 72 hours after being downloaded before it starts showing ads. After that, it starts opening phishing links in the user's web browser, and this continues every two hours.
The delay is a tactic malware developers use to avoid detection. While some of the sites are harmless, such as those leading users to pay-per-view sites, others can be harmful. In one instance, users are told to update the cleaner for their devices, and the page even shows a countdown during which users can download it for free.
Researchers also mentioned that this can happen even if the device is locked, so the links will still open in the browser when the user is not using the phone. Analysis of the Manifest file showed that the developers attempted to hide the logs for these actions by labeling the log descriptor as "sdfsdf."
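The timing pattern described above (about 72 hours of dormancy after install, then a browser launch roughly every two hours, including while the screen is locked) can be checked for in device telemetry. The following is an added defender-side example, not code from Malwarebytes or Bleeping Computer; the event format, the package names and the ten-minute tolerance are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real device logs:
# (timestamp, package, event, screen_locked). Package names are hypothetical.
EVENTS = [
    ("2022-10-01T08:00", "com.example.btconnect", "install", False),
    ("2022-10-01T09:00", "com.example.news", "install", False),
    ("2022-10-01T09:10", "com.example.news", "open_url", False),
    ("2022-10-01T10:00", "com.example.reader", "install", False),
    ("2022-10-04T08:05", "com.example.btconnect", "open_url", False),
    ("2022-10-04T10:07", "com.example.btconnect", "open_url", True),
    ("2022-10-04T12:04", "com.example.btconnect", "open_url", True),
    ("2022-10-04T14:06", "com.example.btconnect", "open_url", False),
    ("2022-10-05T12:00", "com.example.reader", "open_url", False),
    ("2022-10-06T19:30", "com.example.reader", "open_url", False),
]

def flag_delayed_periodic(events, min_delay=timedelta(hours=72),
                          period=timedelta(hours=2),
                          tolerance=timedelta(minutes=10), min_repeats=3):
    """Flag packages that stay dormant after install, then open URLs on a timer."""
    installs, launches = {}, defaultdict(list)
    for ts, pkg, kind, locked in events:
        when = datetime.fromisoformat(ts)
        if kind == "install":
            installs[pkg] = when
        elif kind == "open_url":
            launches[pkg].append((when, locked))
    findings = {}
    for pkg, items in launches.items():
        if pkg not in installs:
            continue  # no install time, so the dormancy window cannot be measured
        items.sort()
        times = [when for when, _ in items]
        dormancy = times[0] - installs[pkg]
        gaps = [b - a for a, b in zip(times, times[1:])]
        periodic = sum(abs(gap - period) <= tolerance for gap in gaps)
        # Both signals are required: a long quiet period AND timer-like repeats.
        if dormancy >= min_delay and periodic >= min_repeats:
            findings[pkg] = {
                "dormant_hours": round(dormancy.total_seconds() / 3600, 1),
                "periodic_gaps": periodic,
                "while_locked": sum(locked for _, locked in items),
            }
    return findings

if __name__ == "__main__":
    for pkg, detail in flag_delayed_periodic(EVENTS).items():
        print(pkg, detail)
```

Launches recorded while the screen is locked are counted separately because a user cannot have triggered them.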
Previous Incidents
Back in September, there were also reports of several apps that had malware and adware, as mentioned in Tom's Guide. There are 36 of these apps, posing as image-editing tools, virtual keyboards, system optimizers, live wallpapers, and more.
While the apps prove to be useful, they are full of ads. These apps also push users to buy the premium version, wherein the app will steal social media accounts. Google has already removed most of these apps, but users will have to uninstall them manually. Delete these apps if you have them:
Photo Editor: Beauty Filter
Photo Editor: Retouch & Cutout
Photo Editor: Art Filters
Photo Editor - Design Maker
Photo Editor & Background Eraser
Photo & Exif Editor
Photo Editor - Filters Effects
Photo Filters & Effects
Photo Editor: Blur Image
Photo Editor: Cut, Paste
Emoji Keyboard: Stickers & GIF
Neon Theme Keyboard
Neon Theme - Android Keyboard
Cache Cleaner
FastCleaner: Cashe Cleaner
Call Skins - Caller Themes
Funny Caller
CallMe Phone Themes
InCall: Contact Background
MyCall - Call Personalization
Caller Theme
Caller Theme
Funny Wallpapers - Live Screen
4K Wallpapers Auto Changer
NewScrean: 4D Wallpapers
Stock Wallpapers & Backgrounds
Notes - reminders and lists
These apps can add themselves to the battery saver's exclusion list, so users will not be able to tell which app has been running in the background. They can also hide by replacing the app icon with a different one, such as that of a core system component like "SIM Toolkit."