These malicious Android apps have been downloaded over a million times

Utility Android apps spreading trojans through the Play Store once again

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Researchers have uncovered a collection of malicious apps on theGoogle Play Storethat have been downloaded more than a million times.

Researchers from Malwarebytes detailed in ablog posthow they found a total of four apps, all from the same account - Mobile apps Group. The apps are called “Bluetooth Auto Connect”, “Driver: Bluetooth, Wi-Fi, USB”, “Mobile Transfer: Smart Switch”, and “Bluetooth App Sender”. Clearly, all of them are supposed to be utility apps.

However, what they are really designed to do is bring undeserved ad revenue to the developers, and sometimes even trick them into downloading infostealers,malware, or other types of viruses. The researchers discovered these apps carrying HiddenAds - malware that actives a few days after the app had been downloaded, in order to better conceal malicious activity.

Malicious activity

Once the malware starts working, it does a number of things, such as opening up new Chrome tabs in the background (even when the endpoint is locked) to load various ads. Sometimes, these ads are full-blown malicious, claiming the victim’s device is infected with a virus and needs anantivirusapp immediately.

This Android malware is so dangerous, even Google is worried>This wallet-draining Android malware has been downloaded millions of times>These are the best firewalls around

While Google is usually pretty fast at removing such apps from its app repository, these four are still active and downloadable at press time. What’s more, even if the company removes them, it would only protect future potential victims. The million+ users that have already downloaded these apps won’t be safe unless they remove them from their devices completely.

Every now and then, researchers discover malicious apps sitting in major mobile app repositories, Play Store and App Store. Despite Google’s andApple’s best efforts, sometimes these apps make it through, meaning simply being in these stores is no guarantee the app is “clean”. Users are advised to always read through a few reviews (negative ones, particularly), and look for apps with high ratings and high download counts.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

I’m a die-hard Apple fan, but even I’ll admit that the Google Pixel 9 Pro is the best-looking phone of the year