A set of four malicious applications currently available in Google Play, the official store for the Android system, are directing users sites that steal sensitive information or generate ‘pay-per-click’ revenue for the operators.
Some of these sites offer victims to download fake security tools or updates, to trick users into installing the malicious files manually.
At the time of publishing, the apps are still present on Google Play under a developer account called Mobile apps Group, and have a total install count of more than one million.
According to a report from Malwarebytes, the same developer was exposed twice in the past for distributing adware on Google Play but it was allowed to continue publishing apps after submitting cleaned versions.
The four malicious apps uncovered this time are:
- Bluetooth Auto Connect, with over 1,000,000 installs
- Bluetooth App Sender, with over 50,000 installs
- Driver: Bluetooth, Wi-Fi, USB, with over 10,000 installs
- Mobile transfer: smart switch, with over 1,000 installs
The apps don’t have favorable reviews on Google Play and many users left comments about intrusive ads that open automatically in new browser tabs.
Interestingly, the developer responds to some of these comments, offering to help resolve the ad problems.
BleepingComputer has contacted ‘Mobile apps Group’ to request a comment about the Malwarebytes researchers' findings but we have not heard back yet.
72 hours of delay
By monitoring the activity of the software from Mobile apps Group, Malwarebytes found that the apps have a 72-hour delay before showing the first ad or opening a phishing link in the web browser, and then continue to launch more tabs with similar content every two hours.
The researchers note that new browser tabs are opened even when the device is locked, so when users return to their phones after a while, they find multiple phishing and ad sites opened.
Analysis of the Manifest file revealed that the developer tried to obfuscate logs for the actions performed by using nonsense log descriptor such as "sdfsdf."
While this method works against automated code scanners, it helped the researchers spot the actions easier.
To keep adware away from your device, avoid installing apps from unofficial Android stores. Reading user reviews, monitoring battery usage, and network data activity, also helps determine if the device is running suspicious software. Keeping Google's Play Protect feature active is also a good way to keep the device safer.
If you have one of the above apps present on your Android device, it is recommended to remove them and run a full system scan using Play Protect or a mobile antivirus suite from a reputable vendor.
BleepingComputer has also contacted Google for a comment about the developer's history and their current apps, and we will update this story as soon as we hear back.
Update 11/10/2022 - A Google spokesperson has provided us the following comment:
The apps identified in the report are no longer available on Google Play and the developer has been banned.
Comments
Dr. Technical - 1 year ago
This is just one more example of how the apps stores for the major players in the smartphone arena are incapable of making sure that apps are not malicious.
Why should ANY of us trust them to allow only useful apps with no security or privacy threats embedded in them?
Are we even aware of what steps are taken when an app is submitted to verify its content and purpose? What happens when an update is submitted to that app? Is the same vigor applied to assessing any threats? Or does the app update get a "pass" because its original version was allowed into the apps store?
We have NO KNOWLEDGE of what is going into the app stores! Apparently, the owners of those app stores have no knowledge either.
ThomasMann - 1 year ago
I cannot see a problem.... If you are someone whose life first of all consists of staring at your phone all day long, then you deserve this.
Non-morons are busy reducing their phone time. The huge rest of "humanity" feels better having more and more apps on their phone... because it proofs to them that they are soooooo important.
You are one of those? Then I am afraid you will have to live with the reality that actually exists. Basically NO ONE in digital world is trying to do you favor with their product, they do what they do to make money at your expense. No one forces you. if you still do it, do not blame others, it is YOUR fault and yours alone... So quit your childish complaining!
Dr. Technical - 1 year ago
So, you don't see a problem if someone claims to protect you and then obviously doesn't?
I am not certain that anyone likes your attitude that smartphone users should just accept that their smartphones can be hijacked by malware as a fact of life, and there's nothing that can be done about it other than to stop using their phones.
The tech giants claim their app stores protect you from malicious apps. That is clearly NOT the case, and it is irrelevant how much time a user spends using their phone and the apps installed on it. Google has their "Play Protect" sign on apps that they apparently cannot guarantee are actually free of malware.
I certainly hope you are not in charge of any company where other people's money or lives is/are at risk. Your attitude that users of technology deserve whatever that technology targets them with would be enough to scare away any thoughtful person. And I certainly wouldn't hire you to do quality control to ensure that things performed as they were promised to do. You apparently don't care that people do what they told you they were going to do. To me, that is a breach of trust, and I don't accept that it has to be that way.
TsVk! - 1 year ago
Reality sucks for you, because no matter what providers do malicious actors will still find a way to get malwares past their protections at times. It is impossible to protect against the unknown. It's a endless cycle, and it is the way it is, and reality doesn't care whether or not you accept it.
Thor113 - 1 year ago
"Reality sucks for you, because no matter what providers do malicious actors will still find a way to get malwares past their protections at times. It is impossible to protect against the unknown. It's a endless cycle, and it is the way it is, and reality doesn't care whether or not you accept it."
Pretty much, I mean look at the number of flashlight apps on Google play most of those came in the time before the flashlight was integrated into the phone.
Issue with these they should so good with all the bluetooth settings neatly together
Which let's say on Android phone you have to keep searching for the right settings and there usually not close together
DeadSquirrel - 1 year ago
How dare people want to use quality of life apps to help with their Bluetooth connectivity issues!!!!!!!!!!