These Android Apps With A Million Play Store Installations Redirect Users To Malicious Sites

As part of an adware and data-stealing campaign, a set of four Android apps created by the same developer have been found to route users to dangerous websites.

The apps, published by a developer named Mobile apps Group and currently available on the Play Store, have been collectively downloaded over one million times.

ALSO, READ How To Choose The Right Online Cybersecurity Degree/Course

According to Malwarebytes, the websites are designed to generate revenues through pay-per-click ads, and worse, prompt users to install cleaner apps on their phones with the goal of deploying additional malware.

The list of apps is as follows –

These Android Apps With A Million Play Store Installations Redirect Users To Malicious Sites

• Bluetooth App Sender (com.Bluetooth.share.app) – 50,000+ downloads
• Bluetooth Auto Connect (com.Bluetooth.auto-connect.any devices) – 1,000,000+ downloads
• Driver: Bluetooth, Wi-Fi, USB (com.driver.finder.Bluetooth.wifi.USB) – 10,000+ downloads
• Mobile transfer: smart switch (com.mobile.faster.transfer.smart.switch) – 1,000+ downloads

It’s no surprise that malicious apps have devised new ways to get past Google Play Store security protections. One of the more popular tactics adopted by threat actors is to introduce time-based delays to conceal their malicious behaviour.

According to Malwarebytes’ investigation, the apps wait about four days before launching the first phishing site in the Chrome browser and then open more tabs every two hours after that.

ALSO, READ Most Common Mobile Security Threats & How To Protect Your Device

These Android Apps With A Million Play Store Installations Redirect Users To Malicious Sites

The apps are part of a broader malware operation called HiddenAds, which has been active since at least June 2019 and has a track record of illicitly earning revenues by redirecting users to advertisements.

The findings also come as researchers from Guardio Labs disclosed details of a malvertising campaign dubbed Dormant Colors that leverages rogue Google Chrome and Microsoft Edge extensions to hijack user search queries to an actor-controlled domain.

CYBERINFORMER.NET –  brings updates on the latest cyber security tips, online safety tips and cyber information, cyber security courses for Nigerians and Foreigners, Cyber security jobs for seekers and much more…

Here, you can read and share thoughts, ideas, and opinions and get updates from around the globe in the world of CYBERSECURITY.