Four malicious applications in Google Play, the official Android store, are directing users to websites that steal sensitive information or generate ‘pay-per-click’ revenue for the operators.
These sites invite victims to download fake security tools or updates to trick them into manually installing malicious files.
Malicious apps still available on Google Play
The apps still exist on Google Play under a developer account called Mobile apps Group, with more than one million installs.
Malwarebytes reported that the same developer was exposed twice in the past for distributing adware on Google Play, but it continued to publish apps after submitting clean versions.
The four malicious apps uncovered this time are:
If one of the above apps is present on your Android device, it is recommended to remove it and run a full system scan using Play Protect or a mobile antivirus suite from a reputable vendor.
Disguising malware by delaying attacks
Malwarebytes found that Mobile apps Group software displays its first ad or opens a phishing link 72 hours after installation, then continues to launch similar tabs every two hours.
Users returning to their phones after a while commonly found multiple phishing and advertising websites open, even if the device had been locked.
The developer used nonsense log descriptors such as “sdfsdf” to obscure the logs for the actions performed, but this helped the researchers spot them more easily.
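One way to check device telemetry for the timing pattern described above (no activity for 72 hours after install, then a browser tab every two hours). This is an added example, not code from Malwarebytes or the original article; the log format, package names, and tolerance values are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (hypothetical format): time, package, event.
SAMPLE = """\
2022-11-01T09:00:00 com.example.flashlight installed
2022-11-01T09:05:00 com.example.notes installed
2022-11-01T09:06:10 com.example.notes opened_url
2022-11-04T09:00:30 com.example.flashlight opened_url
2022-11-04T11:00:40 com.example.flashlight opened_url
2022-11-04T13:01:05 com.example.flashlight opened_url
2022-11-04T15:00:20 com.example.flashlight opened_url
"""

def parse(text):
    """Yield (timestamp, package, event) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2]

def flag_delayed_launchers(text, dormancy=timedelta(hours=72),
                           period=timedelta(hours=2),
                           tolerance=timedelta(minutes=10), min_repeats=2):
    """Return packages whose first URL launch comes after `dormancy` and
    whose later launches repeat at roughly `period` intervals."""
    installed, opens = {}, defaultdict(list)
    for ts, pkg, event in parse(text):
        if event == "installed":
            installed[pkg] = ts
        elif event == "opened_url":
            opens[pkg].append(ts)
    flagged = []
    for pkg, times in opens.items():
        if pkg not in installed:
            continue  # no install time, so dormancy cannot be measured
        times.sort()
        if times[0] - installed[pkg] < dormancy:
            continue  # acted soon after install: not the delayed pattern
        gaps = [b - a for a, b in zip(times, times[1:])]
        periodic = sum(abs(g - period) <= tolerance for g in gaps)
        if periodic >= min_repeats:
            flagged.append(pkg)
    return sorted(flagged)
```
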
How to protect yourself from mobile malware
- You should only install apps from the Google Play Store and look at the number of reviews before you do so.
- When installing an app, pay attention to the permissions it asks for and don’t grant permissions that aren’t necessary for it to function.
- Observe your device’s battery life; if it drains quickly, it could be infected with malware.
- Check network traffic volumes for spikes that could indicate malicious activities running in the background.