Android users, delete these data-stealing apps from your smartphone now!

What's concerning is the fact that together these four apps have amassed at least one million downloads and that they are from the same developer -- Mobile Apps Group.

  • Security researchers have list four malicious apps on Google Play Store.
  • These Android apps have amassed over one million downloads so far.
  • These Android apps direct users to phishing sites that steal their data.
Google Play Store homes thousands on app on its platform. While all of these app and every update that they release are verified by Google, sometimes some developers manage to sneak in malicious apps on the platform that steal users’ sensitive data when they make it to unsuspecting users’ Android devices. In a recent incident, security researchers have highlighted a bunch of malicious apps on the Google Play Store that are stealing users’ precious data. Also Read - Google brings package tracking feature to Gmail: Here’s how it works

Security researchers at Malwarebytes Labs have detailed four Android apps on the Google Play Store that are infected with an Android trojan called ‘Android/Trojan.HiddenAds.BTGTHB’. While the number of infected apps may not be much, what’s concerning is the fact that together these four apps have amassed at least one million downloads and that they are from the same developer — Mobile Apps Group. Also Read - Google Hangouts is officially dead: How you can download your data

These apps are:

— Bluetooth Auto Connect that has amassed over 10 lakh downloads.
— Driver: Bluetooth, Wi-Fi, USB
— Bluetooth App Sender
— Mobile Transfer: Smart Switch

The researchers in their report said that when users first install any of these malicious apps, they usually take a couple of days before beginning to display malicious behavior. After the initial delay, these malicious apps open phishing sites in Google Chrome web browser. “The content of the phishing sites varies—some are harmless sites used simply to produce pay-per-click, and others are more dangerous phishing sites that attempt to trick unsuspecting users,” Malwarebytes Labs researchers wrote in the blog post.

Furthermore, the report says that the Chrome tabs are opened in the background even while the mobile device is locked. When a user unlocks their device, Chrome opens with the latest site. In addition to that, a new tab opens with a new site frequently, and as a result, unlocking your phone after several hours means closing multiple tabs. These links usually take users to phishing sites and clicking on them can lead to users’ data getting stolen.

“With all the evidence of malicious behaviors, one can only assume this is more than just adware that’s surpassing Google Play Protect detection. With a heavy dose of obfuscation and harmful phishing sites, this is clearly the malware we know as Trojan HiddenAds,” the researchers wrote.

It is advisable that users delete these apps from their Android devices as soon as possible.

  • Published Date: November 4, 2022 5:35 PM IST
