Android malware: A million people downloaded these malicious apps before they were finally removed from Google Play

a-concerned-woman-looking-at-her-smartphone-getty.jpg

Image: Getty

Google has removed a series of apps downloaded by over a million Android users from the Google Play Store that infected smartphones with malware and bombarded devices with malicious pop-up ads.

The malware has been detailed by cybersecurity researchers at Malwarebytes. The apps were still available to download for a number of days after the research was published, but they’ve now been removed.

“The apps identified in the report are no longer available on Google Play and the developer has been banned,” a Google spokeperson said in response to ZDNET.

However, while the apps are no longer available for download, users who’ve already installed the apps will still be infected with malware unless they’ve manually uninstalled them.

Also: Public Wi-Fi safety tips: Protect yourself against malware and security threats

The four apps that have been identified as malicious were from a developer called Mobile apps Group and were called ‘Bluetooth Auto Connect’, ‘Bluetooth App Sender’, ‘Mobile transfer: smart switch’, and ‘Driver: Bluetooth, Wi-Fi, USB’.   

The Bluetooth Auto Connect app alone boasted more than one million downloads and was initially uploaded to Google Play two years ago. 

According to researchers, the apps don’t demonstrate any malicious intent for at least a couple of days after initial installation. And the malware doesn’t just immediately bombard victims with pop-ups and malicious links after the activity begins. First, after the initial pop-up is displayed, the malware is instructed to wait two hours before displaying the next ad. 

After this initial delay, the app repeatedly opens tabs in Google Chrome to display advertising links, which attempt to generate clicks to generate revenue. 

The victim doesn’t even need to be actively using their phone for the pop-ups to appear – the links can be opened in the background. This intrusive activity has led to Malwarebytes classifying the malware as trojan malware, rather than adware. 

“The aggressiveness of the pop-ups – I once opened my test phone to fifteen open tabs in Chrome after only a couple of hours – and the heavy obfuscation is what lead us to classify it as trojan malware,” Nathan Collier, malware intelligence analyst at Malwarebytes told ZDNET, who warned that the malware could become more dangerous in future.  

“We believe given enough time that the phishing sites would also direct to sites that would encourage people to enter personal information.”

Also: Cybersecurity: These are the new things to worry about in 2023

According to researchers, this isn’t even the first time Bluetooth Auto Connect or the other apps linked to the developer have displayed malicious activity. But some of the updates made to the app in the two years since it was first released have made it ‘clean’ for periods.

“It appears they were allowed to stay on after uploading clean versions. This latest version uses heavy obfuscation to evade detection,” said Collier. 

It’s recommended that users who’ve downloaded the app uninstall it to remove malware from their Android device – and that even though Google Play is the safest place to download Android apps, to be mindful about what they download.  

Some users noticed the malicious behaviour and complained about pop-ups in one-star reviews on the Google Play store. Paying attention to this kind of information could help you avoid downloading malicious apps. ZDNET has attempted to contact the developers for comment.

MORE ON CYBERSECURITY

READ MORE HERE