Android malware: A million people downloaded these malicious apps before they were finally removed from Google Play - ZDNet

1 year ago 26

Google has removed a bid of apps downloaded by implicit a cardinal Android users from the Google Play Store that infected smartphones with malware and bombarded devices with malicious pop-up ads.

The malware has been detailed by cybersecurity researchers astatine Malwarebytes. The apps were inactive disposable to download for a fig of days aft the probe was published, but they've present been removed.

"The apps identified successful the study are nary longer disposable connected Google Play and the developer has been banned," a Google spokeperson said successful effect to ZDNET.

However, portion the apps are nary longer disposable for download, users who've already installed the apps volition inactive beryllium infected with malware unless they've manually uninstalled them.

Also: Public Wi-Fi information tips: Protect yourself against malware and information threats

The 4 apps that person been identified arsenic malicious were from a developer called Mobile apps Group and were called 'Bluetooth Auto Connect', 'Bluetooth App Sender', 'Mobile transfer: astute switch', and 'Driver: Bluetooth, Wi-Fi, USB'.

The Bluetooth Auto Connect app unsocial boasted much than 1 cardinal downloads and was initially uploaded to Google Play 2 years ago.

According to researchers, the apps don't show immoderate malicious intent for astatine slightest a mates of days aft archetypal installation. And the malware doesn't conscionable instantly bombard victims with pop-ups and malicious links aft the enactment begins. First, aft the archetypal pop-up is displayed, the malware is instructed to hold 2 hours earlier displaying the adjacent ad.

After this archetypal delay, the app repeatedly opens tabs successful Google Chrome to show advertizing links, which effort to make clicks to make revenue.

The unfortunate doesn't adjacent request to beryllium actively utilizing their telephone for the pop-ups to look – the links tin beryllium opened successful the background. This intrusive enactment has led to Malwarebytes classifying the malware arsenic trojan malware, alternatively than adware.

"The aggressiveness of the pop-ups - I erstwhile opened my trial telephone to 15 unfastened tabs successful Chrome aft lone a mates of hours – and the dense obfuscation is what pb america to classify it arsenic trojan malware," Nathan Collier, malware quality expert astatine Malwarebytes told ZDNET, who warned that the malware could go much unsafe successful future.

"We judge fixed capable clip that the phishing sites would besides nonstop to sites that would promote radical to participate idiosyncratic information."

Also: Cybersecurity: These are the caller things to interest astir successful 2023

According to researchers, this isn't adjacent the archetypal clip Bluetooth Auto Connect oregon the different apps linked to the developer person displayed malicious activity. But immoderate of the updates made to the app successful the 2 years since it was archetypal released person made it 'clean' for periods.

"It appears they were allowed to enactment connected aft uploading cleanable versions. This latest mentation uses dense obfuscation to evade detection," said Collier.

It's recommended that users who've downloaded the app uninstall it to region malware from their Android instrumentality – and that adjacent though Google Play is the safest spot to download Android apps, to beryllium mindful astir what they download.

Some users noticed the malicious behaviour and complained astir pop-ups successful one-star reviews connected the Google Play store. Paying attraction to this benignant of accusation could assistance you debar downloading malicious apps. ZDNET has attempted to interaction the developers for comment.