Four dangerous Android mobile apps have been detected in the Google Play Store, which you should delete immediately.
No matter what an app looks like, there’s always a chance it’s malicious.
In the Google Play Store we see similar cases all the time, and this week another batch of malicious apps was revealed. Unfortunately, these apps are still active on the Play Store at the time of writing, so you should avoid them at all costs.
Analysts from Malwarebytes Labs have identified a group of malicious Android apps infected with a hidden ad trojan. All four apps come from the developer ‘Mobile Apps Group’ and have a total of over one million downloads.
Malwarebytes Labs analyst Nathan Collier notes that this developer (Mobile Apps Group) has distributed malware to the Google Play Store in the past. He says it’s unclear whether Google is actually aware of the Mobile Apps Group’s action, but notes that some versions of the popular Bluetooth Auto Connect app have been clean in the past. This suggests that the company was alerted to the malware and actually uploaded a clean version of the app, before eventually loading it with more malware.
According to Malwarebytes, apps do not exhibit malicious behavior within the first 72 hours of download. After this delay, apps start opening phishing sites in Chrome. Some of the sites are relatively harmless as they generate revenue when the user clicks on ads. Other sites are more dangerous and try to trick users into telling them they are infected or need to update their device.
Collier shared more details about how the malware works in his blog post:
“Chrome tabs open in the background, even when the device is locked. When the user unlocks their device, Chrome opens with the most recent website. A new tab is often opened with a new website and therefore unlocking your phone after several hours means many tabs will be closed. The user’s browser history will eventually include a long list of malicious websites.”
It continues: “This is particularly concerning because the Mobile Apps Group has uploaded clean versions of these apps in the past. In other words, they weren’t always malicious, and that’s apparently enough to keep them in the Google Play Store.”
