Google fails to remove ‘app developer’ behind malware scam

by James · December 23, 2022

One can never be too sure of one the app’s legitimacy even if it turns out to have approved ratings in the Google Play Store. On November 1, 2022, Malwarebytes Labs analyst Nathan Collier reported on a family of malicious apps developed by the Mobile apps Group that are currently available in the Google app store even at the time of writing.

Before we proceed to discuss the details of the malware’s modus operandi, we advise our readers to watch out for the following apps and delete them from their devices immediately:

Bluetooth Auto Connect
Bluetooth app transmitter
Driver: Bluetooth, Wi-Fi, USB
Mobile transfer: smart switch

All four apps are infected with the hidden ads trojan, and the developer appears to be familiar with common tactics used to avoid malware detection because they have created a self-delayed schedule for displaying these ads.

Google is unable to remove "App developer" Spread of malware — If you have any of these apps on your Android device, remove them now

For example, the Bluetooth Auto Connect app takes about four days from installation to show its first ad in Chrome. This is followed by further timed delays which are always followed by a sequence of new ads.

The phishing websites opened in Chrome varies and ranges from harmless sites used to generate pay-per-clicks to more dangerous sites that try to trick unwary users by stating that their device is infected and needs to be updated.

This activity continues in the background even while the mobile device is locked, meaning that when they unlock their phones, users will be faced with a series of phishing webpage tabs in Chrome that they have to close each time.

In their must-read blog posts, the analysts at Malwarebytes have compiled a list showing the long history of the variants of HiddenAds that have infected this particular app. This behavior, it seems, is also common to the other apps from the Mobile Apps Group.

What is shocking is that previous versions of these apps have been found to contain different versions of Android/Trojan.HiddenAds, the developer is still active on Google Play, distributing more HiddenAds malware.

While it’s unclear why the company’s built-in malware defense program, Google Play Protectis unable to detect these apps, it turns out that this is not the first time such a problem has been uncovered.

A recent one report from Bitdefender, a cyber security company, revealed that there were up to 35 malicious apps listed on the Play Store that have over 2 million downloads in total. They also noticed that these apps rename and change their app icon after being installed to confuse users and remain undetected.

At times like this where users can’t even rely on the good reviews an app supposedly has to confirm its authenticity (three of the malicious apps above have favorable reviews themselves), it’s hard to conclude how well one can protect their device from threats like like adware.

Also, with this one example of malware still not removed, we can only imagine the other threats going undetected in the Google Play Store and continue to infect the devices of those who install them.