Google has removed a series of apps downloaded by over 1 million Android users from the Google Play store. These apps infected smartphones with malware and bombarded devices with malicious pop-up ads.

The malware has been detailed by Malwarebytes cybersecurity researchers. The apps remained available for download for days after the report was published, but have now been removed.

A Google spokesperson told ZDNET, “The apps identified in the report are no longer available on Google Play and have been banned by their developers.”

However, although the apps are no longer available for download, users who have already installed one of them will remain infected with the malware unless they manually uninstall it.

The four apps identified as malicious are from a developer called Mobile apps Group and are called “Bluetooth Auto Connect”, “Bluetooth App Sender”, “Mobile transfer: smart switch” and “Driver: Bluetooth, Wi-Fi, USB”.

The Bluetooth Auto Connect app alone has been downloaded over a million times and was first uploaded to Google Play two years ago.

According to the researchers, the app shows no malicious behavior for at least two days after initial installation. Even once the activity has started, the malware does not immediately bombard victims with pop-ups and malicious links: after the first pop-up, it waits two hours before showing the next ad.

After this initial delay, the app repeatedly opens Google Chrome tabs to display advertising links in an attempt to generate clicks and revenue.

Victims don’t even have to be actively using their phones for the pop-ups to appear. Links can be opened in the background. This intrusive activity has led Malwarebytes to classify the malware as a Trojan rather than adware.

“Pop-up Aggression – I opened a test phone and opened 15 tabs in Chrome, and in just two hours, it was so obfuscated that it was classified as Trojan malware.” Nathan Collier, Malware Intelligence Analyst at Malwarebytes, warned ZDNET that the malware could become even more dangerous in the future.

“Given enough time, we believe phishing sites will also lead to sites that prompt for personal information.”

According to the researchers, this isn’t the first time Bluetooth Auto Connect or other apps linked to the developer have shown malicious activity. However, some of the updates the developer made to the app in the two years since it was first released were “clean” for a period of time.

“Apparently it was allowed to remain after uploading a clean version. This latest version uses heavy obfuscation to avoid detection,” said Collier.

Users who have downloaded the app are advised to uninstall it to remove the malware from their Android device. Google Play is the safest place to download Android apps, but you should still be careful about what you download.

Some users noticed the malicious behavior and complained about the pop-ups in 1-star reviews on the Google Play Store. Paying attention to this kind of information can help you avoid downloading malicious apps. ZDNET has reached out to the developer for comment.

