You can never be entirely sure that an application is legitimate, even when it has favorable ratings on the Google Play Store. On November 1, 2022, Malwarebytes Labs analyst Nathan Collier reported on a family of malicious apps developed by Mobile Apps Group that were still available on the Google Play Store at the time of writing.
Before discussing the details of how the malware works, we advise our readers to pay attention to the following apps and remove them from their devices immediately:
- Bluetooth Auto Connect
- Bluetooth app sender
- Driver: Bluetooth, Wi-Fi, USB
- Mobile transfer: smart switch
All four apps are infected with the HiddenAds Trojan. The developer appears to be familiar with the common tactics used to evade malware detection, because the apps delay the display of these advertisements on an automatic schedule.
The Bluetooth Auto Connect app, for example, takes about four days from the time it’s installed to show its first ad in Chrome. This is followed by further timed delays, each of which is followed by a new series of ads.
The sites opened in Chrome vary, ranging from harmless sites used to generate pay-per-click revenue to more dangerous phishing sites that try to trick unwary users by claiming that their device has been infected and needs to be updated.
This activity continues in the background even when the mobile device is locked, which means that when unlocking their phone, users will face many phishing website tabs in Chrome that they have to close every time.
In their blog post, Malwarebytes analysts have compiled a list that shows the long history of HiddenAds variants that have infected this particular application. This behavior, it seems, is also common to other apps from Mobile Apps Group.
What is shocking is that although previous versions of these apps contained different variants of Android/Trojan.HiddenAds, the developer is still active on Google Play, distributing more HiddenAds malware.
While it’s unclear why Google’s built-in malware defense program, Google Play Protect, is unable to detect these applications, this is not the first time such an issue has come to light.
A recent report from Bitdefender, a cybersecurity company, showed that there are up to 35 malicious apps listed on the Play Store, which together total more than 2 million downloads. The report also noted that these apps rename themselves and change their app icon after being installed in order to confuse users and avoid detection.
At times like this, when users can’t even rely on an app’s high ratings to verify its authenticity (three of the rogue apps listed above have favorable ratings themselves), it’s difficult to say how well one can protect a device against threats such as adware.
Moreover, with this one example of malware that still hasn’t been removed, one can only imagine the other threats that go undetected on the Google Play Store and continue to infect the devices of those who install them.