Researchers have found a set of four malicious Android Apps on the Google Play Store that secretly hide malware and redirect users to phishing websites that trick unsuspecting victims into handing over their personal information in exchange for pay-per-click revenue for hackers.
According to Malwarebytes(opens in new tab), the apps from devleoper Mobile apps Group with over one million downloads and are currently available on Google Play. Each contains a “Android/Trojan.HiddenAds” line of code that, once downloaded, delays any malicious activity for 72 hours in order to avoid detection.
Delete these four Android apps from your device.
Bluetooth utility tools that “ensure a strong and reliable Bluetooth pairing with any device” were discovered to be infected with the nasty malware. Because these apps are popular, hackers frequently use them to hide sneaky malware.
Bluetooth Auto Connect (more than 1 million downloads), Bluetooth App Sender (more than 50,000 downloads), Driver: Bluetooth, Wi-Fi, USB (more than 10,000 downloads), and Mobile transfer: smart switch are among the apps in this category (over 1,000 downloads). If you find any of these on your Android device, remove them immediately.
According to the report, even when the device is locked, the apps continue to open phishing sites in Google Chrome after the initial delay. Once enabled, a new tab opens with the most recent malicious site, and new tabs open with a new site on a regular basis from then on.
These phishing sites range from more benign tactics to generate income through pay-per-click (similar to adware) to more malicious websites that trick people and steal sensitive information. The report also includes an example of a website informing the user that they have been infected and must update or download suspicious apps.
BleepingComputer has contacted Google and the malicious app developer but has yet to receive a response, implying that it is best to avoid these apps while they are available on Google Play.
Older versions of the same apps with different variations of the Android/Trojan. HiddenAds code had been spotted before. If ads start popping up on your device after downloading an app, it;s likely the source is from the app itself. Just because an app has over a million downloads doesn’t mean its trustworthy.
Clear your browser’s cache and history to remove any lingering adware. Clearing your cache on your Android smartphone and clearing your cache on your iPhone is also a good idea. These cybersecurity programmes can scan your device for adware and remove it, as well as prevent future malware uploads and pop-up ads.