Malware on Google Play
A family of malicious apps from the developer Mobile apps Group is listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads.
Older versions of these apps have been detected in the past as different variants of Android/Trojan.HiddenAds. Yet, the developer is still on Google Play dispensing its latest HiddenAds malware.
The four malicious apps uncovered this time are:
- Bluetooth Auto Connect, with over 1,000,000 installs
- Bluetooth App Sender, with over 50,000 installs
- Driver: Bluetooth, Wi-Fi, USB, with over 10,000 installs
- Mobile transfer: smart switch, with over 1,000 installs
Delayed ungratification
Our analysis of this malware starts with us finding an app named Bluetooth Auto Connect (full app information at the bottom of this article). When users first install this malicious app, it takes a couple of days before it begins to display malicious behavior. Delaying malicious behavior is a common tactic malware developers use to evade detection. It turns out that this app uses delays quite a bit, as you’ll discover in our analysis.
After the initial delay, the malicious app opens phishing sites in Chrome. The content of the phishing sites varies—some are harmless sites used simply to produce pay-per-click, and others are more dangerous phishing sites that attempt to trick unsuspecting users. For example, one site includes adult content that leads to phishing pages that tell the user they’ve been infected, or need to perform an update.
The Chrome tabs are opened in the background even while the mobile device is locked. When the user unlocks their device, Chrome opens with the latest site. New tabs with new sites open frequently, and as a result, unlocking your phone after several hours means closing multiple tabs. The user's browser history will also be a long list of nasty phishing sites.
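One way a defender could look for the pattern described above, a quiet period after install followed by URLs opened while the device is locked, is sketched below. This is an added example, not code from the original article; the event format, package names, URLs and thresholds are constructed for illustration, and screen-off is used as a stand-in for the locked state.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, normalized device events (not real Android log output):
# (timestamp, event, package, detail)
EVENTS = [
    ("2022-11-01 09:00", "install", "com.example.btconnect", ""),
    ("2022-11-01 09:05", "install", "com.example.news", ""),
    ("2022-11-01 12:00", "screen", "", "on"),
    ("2022-11-01 12:01", "open_url", "com.example.news", "https://news.example/a"),
    ("2022-11-01 12:30", "screen", "", "off"),
    ("2022-11-04 02:10", "open_url", "com.example.btconnect", "https://ads.example/1"),
    ("2022-11-04 04:10", "open_url", "com.example.btconnect", "https://ads.example/2"),
    ("2022-11-04 06:10", "open_url", "com.example.btconnect", "https://ads.example/3"),
    ("2022-11-04 08:00", "screen", "", "on"),
]

def find_locked_screen_openers(events, min_dormancy=timedelta(days=1), min_opens=2):
    """Return {package: (dormancy, locked_open_count)} for apps that stayed quiet
    after install and then opened URLs while the screen was off."""
    installed, first_open = {}, {}
    locked_opens = defaultdict(int)
    screen_on = True  # assumption: the device is in use when the log starts
    for ts, event, pkg, detail in sorted(events):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if event == "install":
            installed[pkg] = when
        elif event == "screen":
            screen_on = (detail == "on")
        elif event == "open_url":
            first_open.setdefault(pkg, when)  # first URL the app ever opened
            if not screen_on:
                locked_opens[pkg] += 1
    flagged = {}
    for pkg, count in locked_opens.items():
        if pkg not in installed or count < min_opens:
            continue
        dormancy = first_open[pkg] - installed[pkg]
        if dormancy >= min_dormancy:
            flagged[pkg] = (dormancy, count)
    return flagged

if __name__ == "__main__":
    for pkg, (dormancy, count) in find_locked_screen_openers(EVENTS).items():
        print(f"{pkg}: dormant {dormancy}, {count} URL opens while locked")
```

The dormancy threshold matters: an app that opens a link minutes after install while the user is active, like the constructed news app here, is not flagged.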