Malwarebytes Labs spotted a new set of malicious apps on the Google Play Store that are infected with trojans. The four apps collectively amassed at least a million downloads.

Diving into details

The apps—Bluetooth Auto Connect; Driver: Bluetooth, Wi-Fi, USB; Bluetooth App Sender; and Mobile transfer: smart switch—were developed by Mobile apps Group.
  • The Android apps are propagating the latest version of the HiddenAds malware.
  • Researchers found that the apps wait a few days before exhibiting malicious behavior, a common technique to evade detection.
  • Subsequently, they open phishing pages in the Chrome browser for information stealing. While some of these pages may be harmless, others use more clever schemes to lure unsuspecting users.

About HiddenAds

First discovered in July by McAfee, HiddenAds is propagated via Android apps masquerading as cleaner apps on the Google Play Store.
  • Apart from running malicious activities right after installation, the malware would also hide and display ads to victims. 
  • Mobile apps Group has previously been caught twice by Google Play Store for developing malicious apps. 
  • All the apps have been laced with various versions of the HiddenAds malware. The latest version, 4.6, was released on the Play Store on December 15, 2021.

Google Play infested with malicious apps

  • Five malicious apps on the Google Play Store were found disseminating Vultur and SharkBot trojans. The apps had been downloaded 130,000 times.
  • The Play Store removed 16 apps propagating Clicker. The Android malware had infected over 20 million users.
  • In September, researchers found 75 apps on Google Play and 10 on Apple’s App Store conducting ad fraud. The applications have been downloaded 13 million times.

The bottom line

Google Play Store has become a common festering ground for malicious apps dropping various kinds of malware. The latest versions of the apps from Mobile apps Group are not simply adware but are also used for information stealing. Users are advised to monitor their apps for malicious or suspicious activity.
Cyware Publisher