Malicious Android Apps

It seems that the Google app store has still not been able to catch malicious applications, as they are still being listed there. In the Google Play store, there are currently four malicious apps that are available.

The 4 malicious applications that were listed by the developer “Mobile apps Group” and detected by the security experts at Malwarebytes are extremely stealthy and sophisticated. 

This is because they steal users’ sensitive data and also generate PPC revenue for operators by directing users to specially crafted fake websites. While these four malicious applications were infected with Android/Trojan.HiddenAds.BTGTHB.

EHA

The platform appears to not even be kicking malicious developers off the platform for any of the citations that they have received. A total of one million downloads have been recorded for these apps together.

“The operators of these fake websites trick victims into downloading fake security tools or updates to make them manually install malicious files or apps. To deploy additional malware, these malicious apps also suggest users to install cleaner apps on their phones in most worse scenarios,” said Malwarebytes report shared with Cyber Security News.

Four Malicious Apps

Here below we have mentioned the four malicious apps with all their key details:-

  • App name: Bluetooth Auto Connect
  • Package name: com.bluetooth.autoconnect.anybtdevices
  • Developer: Mobile apps Group
  • MD5: C28A12CE5366960B34595DCE8BFB4D15
  • Google Play URL: https://play.google.com/store/apps/details?id=com.bluetooth.autoconnect.anybtdevices
  • Downloads: 1M+ Downloads
  • App Name: Driver: Bluetooth, Wi-Fi, USB
  • Package name: com.driver.finder.bluetooth.wifi.usb
  • Developer: Mobile apps Group
  • MD5: 9BC55834B713B506E92B3787BE83F079
  • Google Play URL: https://play.google.com/store/apps/details?id=com.driver.finder.bluetooth.wifi.usb
  • Downloads: 10K+ Downloads
  • App Name: Bluetooth App Sender
  • Package name: com.bluetooth.share.app
  • Developer: Mobile apps Group
  • MD5: F764F5A04859EC544685E30DE4BD3240
  • Google Play URL: https://play.google.com/store/apps/details?id=com.bluetooth.share.app
  • Downloads: 50K+ Downloads
  • App Name: Mobile transfer: smart switch
  • Package name: com.mobile.faster.transfer.smart.switch
  • Developer: Mobile apps Group
  • MD5: AEA33292113A22F46579F5E953596491
  • Google Play URL: https://play.google.com/store/apps/details?id=com.mobile.faster.transfer.smart.switch
  • Downloads: 1K+ Downloads

Further Analysis

There were two previous instances where the same developer was caught distributing adware via Google Play for malicious apps. However, after submitting cleaned versions of the apps, it was allowed to continue publishing them.

On Google Play, there are a large number of negative reviews and comments regarding the apps. However, it is interesting to note that some of the comments were responded to by the developer.

The most shocking thing is that at the time of writing this article we found the apps are still live on Google Play Store.

There was a 72-hour delay between when an ad appeared on the screen and when a phishing link opened in the web browser before the app showed the first ad. Then every two hours, it automatically launches more tabs containing similar content in the same manner.

This malware operation, HiddenAds, is part of a much larger scheme, and it entails more and more malicious apps like these. Since 2019 this operation has been active and has an extremely illicit track record.

Penetration Testing As a Service – Download Red Team & Blue Team Workspace

BALAJI is a Former Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.