One can never be too sure about an app’s legitimacy, even if it has favorable ratings on the Google Play store. On 1st November 2022, Malwarebytes Labs analyst Nathan Collier reported on a family of malicious apps developed by Mobile apps Group that are still available on Google’s app store at the time of writing.
Before proceeding to discuss the details of the malware’s workings, we advise our readers to watch out for the following apps and delete them from their devices immediately:
- Bluetooth Auto Connect
- Bluetooth App Sender
- Driver: Bluetooth, Wi-Fi, USB
- Mobile transfer: smart switch
All four apps are infected with the hidden ads trojan. The developer seems to be familiar with common tactics used to evade malware detection, because they have created a self-delaying schedule for displaying these ads.
The Bluetooth Auto Connect app, for example, takes approximately four days from the time it is installed to display its first ad in Chrome. This is followed by further timed delays which are always succeeded by a sequence of new ads.
The phishing sites opened in Chrome vary, ranging from harmless sites used to generate pay-per-click revenue to more dangerous sites that attempt to trick unwary users by stating that their device has been infected and needs to be updated.
This activity continues in the background even while the mobile device is locked, which means that upon unlocking their phones, users will be faced with numerous phishing website tabs in Chrome that they will have to close each time.
In their must-read blog post, the analysts at Malwarebytes have compiled a list that shows the long history of the variants of HiddenAds that have infected this particular app. This behavior, it seems, is also common for the other apps from the Mobile apps Group.
What’s shocking is that although previous versions of these apps have been found to contain varying versions of Android/Trojan.HiddenAds, the developer is still active on Google Play, distributing more HiddenAds malware.
Although it’s unclear why the company’s built-in malware defense program, Google Play Protect, is unable to detect these apps, it turns out that this is not the first time such an issue has been brought to light.
A recent report from Bitdefender, a cybersecurity company, showed that there were up to 35 malicious apps listed on the Play Store that have over 2 million downloads combined. They also noted that these apps rename themselves and change their app icon after being installed in order to confuse users and remain undetected.
At times like this, when users cannot even rely on an app's good ratings to verify its authenticity (three of the malicious apps listed above have favorable ratings themselves), it is difficult to conclude how well one can guard one's device against threats such as adware.
Moreover, with this one example of malware that has still not been removed, we can only imagine the other threats that go undetected on the Google Play Store and continue to infect the devices of those who install them.