Android Warning: These malicious apps have had over 1 million downloads from Google Play

Google has removed a series of apps downloaded by more than a million Android users from the Google Play Store that infected smartphones with malware and devices bombarded with malicious pop-up ads.

It was malware Detailed by cybersecurity researchers at Malwarebytes. The apps remained available for download for several days after the research was published, but they have now been removed.

“The apps identified in the report are no longer available on Google Play and the developer has been banned,” a Google spokesperson said in response to ZDNET.

However, while the apps are no longer available for download, users who have already installed the apps will still be infected with malware unless they manually uninstall them.

also: General Wi-Fi Security Tips: Protect Yourself from Malware and Security Threats

The four apps identified as malicious were from a developer called Mobile apps Group and were called ‘Bluetooth Auto Connect’, ‘Bluetooth App Sender’, ‘Mobile Transfer: smart switch’ and ‘Driver: Bluetooth, Wi-Fi and ‘USB’. .

The Bluetooth Auto Connect app alone has over 1 million downloads and was initially uploaded to Google Play two years ago.

According to the researchers, the apps do not show any malicious intent for at least two days after the initial installation. and the Malware Victims are not immediately bombarded with popups and malicious links after starting the activity. First, after displaying the initial pop-up, the malware is asked to wait two hours before displaying the next ad.

After this initial delay, the app frequently opens tabs in Google Chrome to display ad links, which attempt to generate clicks to generate revenue.

The victim does not even need to actively use their phone for the pop-ups to appear – links can be opened in the background. This intrusive activity has led Malwarebytes to classify the malware as Trojan MalwareInstead of adware.

“The aggressiveness of the popups — I opened my test phone once for fifteen open tabs in Chrome after just a few hours — and their extreme dimming is what led us to classify them as Trojan malware,” Nathan Collier, Malwarebytes Malware Intelligence Analyst, told ZDNET, who Be warned that malware may become more dangerous in the future.

“We believe that if you give enough time to also direct phishing sites to sites that will encourage people to enter personal information.”

also: Cyber ​​Security: These are the new things to worry about in 2023

According to the researchers, this is not the first time that Bluetooth Auto Connect or other apps associated with the developer have shown malicious activity. But some updates to the app in the past two years since it was first launched have kept it “clean” for periods.

“It appears that they were allowed to remain after loading clean copies. This latest version uses heavy obfuscation to avoid detection,” Collier said.

It is recommended that users who have downloaded the app uninstall it to remove malware from their Android devices – and while Google Play is the safest place to download Android apps, you should pay attention to what they download.

Some users noticed the malicious behavior and complained about the pop-ups in 1-star ratings on the Google Play Store. Paying attention to this kind of information can help you avoid downloading malicious apps. ZDNET has attempted to contact the developers for comment.

More about cyber security