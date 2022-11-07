



No matter how legitimate an app may appear, it is always possible that it is actually malicious. A new batch of malicious apps has been spotted this week in the Google Play store. Worse, these apps are still active in Google’s app store at the time of writing, so avoid them at all costs.

On Tuesday, Malwarebytes Labs analysts revealed a family of malicious Android apps infected with a hidden advertising Trojan. All four apps are from the developer’s Mobile apps Group and have been downloaded over 1 million times in total.

Malwarebytes Labs analyst Nathan Collier points out that the developer has previously distributed malware on Google Play. He says it’s unclear if Google actually caught the Mobile apps Group, but said that some versions of the popular Bluetooth Auto Connect app have been clean in the past. It suggests that the developer found and uploaded a clean version of the app before eventually loading more malware.

Android malware apps from Google Play Store.Image Source: Google Play Remove These Android Malware Apps ASAP

Below are four apps. If you have these apps on your device, you should remove them all.

Bluetooth Auto Connect Bluetooth App Sender Driver: Bluetooth, Wi-Fi, USB Mobile Transfer: Smart Switch

According to Malwarebytes, apps do not exhibit malicious behavior within the first 72 hours after being downloaded. After a self-imposed delay, these apps start opening phishing sites in Chrome. Some sites are relatively harmless and make money by getting users to click on ads. Other sites are more dangerous and try to trick users by saying they are infected or need to update their device.

Collier shared more details about how the malware works in his blog post.

Chrome tabs open in the background even if your mobile device is locked. When the user unlocks the device, Chrome opens with the latest site. New sites often open new tabs, so when you unlock your phone after a few hours, you end up closing multiple tabs. A user’s browser history also turns into a long list of nasty phishing sites.

This is of particular concern as the Mobile apps Group has uploaded clean versions of these apps in the past. In other words, they are not always malicious and that seems to be enough to stay on Google Play. Again, all four of these apps are available for free from the Play Store at the time of writing, so obviously the system isn’t working.

More Google news: Update Google Chrome now to patch high-risk security flaws

