More than a million Android users were tricked into downloading dangerous apps from the Google Play Store. Malwarebytes security experts discovered the dangerous software loaded with malware that led unsuspecting users to phishing websites designed to steal sensitive, personal data. Fortunately, the four apps have been removed from the Google Play Store, but if you downloaded them before they were removed from the list, you should remove them from your Android device as soon as possible.
The offending apps were all released by a developer called the ‘Mobile apps Group’ whose official website – at the time of writing – is inaccessible.
The most popular app that this developer released on the Play Store was called Bluetooth Auto Connect. This app was released in October 2020 and has been downloaded over a million times.
The other offending apps were Bluetooth App Sender, Mobile transfer: smart switch, and Driver: Bluetooth, Wi-Fi, USB.
One of the ways these apps managed to evade detection by Android security systems is by delaying the implementation of malicious behavior.
The first few days after installing these apps, nothing seems unpleasant, but then spam phishing websites appear on a victim’s device.
At first it may seem that these websites are not too much of a concern, but as time passes, the pages become more and more insidious.
Malwarebytes explained: “After the initial delay, the malicious app opens phishing sites in Chrome. The content of the phishing sites varies – some are harmless sites that are simply used to produce pay-per-click, and others are more dangerous phishing sites that attempt to trick unsuspecting users, for example, a site contains adult content that leads to phishing pages that inform the user that they are infected or need an update.
“Chrome tabs open in the background even when the mobile device is locked. When the user unlocks their device, Chrome opens with the latest site. A new tab opens periodically with a new site, resulting in unlocking your phone after several hours means closing multiple tabs. The user’s browser history will also be a long list of nasty phishing sites.”
While these apps no longer appear in the Google Play Store, anyone who has already downloaded them should uninstall them to keep their Android device safe.
Here’s how to uninstall an app you’ve downloaded from the Play Store on your Android device…
Open the Google Play Store app
Tap the profile icon in the top right
Tap Manage apps and devices. To manage
Tap the name of the app you want to uninstall