RV_ Posted November 13, 2022 Report Share Posted November 13, 2022 (edited) Cybersecurity researchers identify an aggressive adware campaign. The developer is now banned from Google Play - but if you've not uninstalled the apps, you're still infected. Excerpt: "The apps identified in the report are no longer available on Google Play and the developer has been banned," a Google spokeperson said in response to ZDNET. However, while the apps are no longer available for download, users who've already installed the apps will still be infected with malware unless they've manually uninstalled them. The four apps that have been identified as malicious were from a developer called Mobile apps Group and were called 'Bluetooth Auto Connect', 'Bluetooth App Sender', 'Mobile transfer: smart switch', and 'Driver: Bluetooth, Wi-Fi, USB'. The Bluetooth Auto Connect app alone boasted more than one million downloads and was initially uploaded to Google Play two years ago. According to researchers, the apps don't demonstrate any malicious intent for at least a couple of days after initial installation. And the malware doesn't just immediately bombard victims with pop-ups and malicious links after the activity begins. First, after the initial pop-up is displayed, the malware is instructed to wait two hours before displaying the next ad. After this initial delay, the app repeatedly opens tabs in Google Chrome to display advertising links, which attempt to generate clicks to generate revenue. The victim doesn't even need to be actively using their phone for the pop-ups to appear – the links can be opened in the background. This intrusive activity has led to Malwarebytes classifying the malware as trojan malware, rather than adware. "The aggressiveness of the pop-ups - I once opened my test phone to fifteen open tabs in Chrome after only a couple of hours – and the heavy obfuscation is what lead us to classify it as trojan malware," Nathan Collier, malware intelligence analyst at Malwarebytes told ZDNET, who warned that the malware could become more dangerous in future. "We believe given enough time that the phishing sites would also direct to sites that would encourage people to enter personal information." More in the article with related links here: https://www.zdnet.com/article/android-warning-these-malicious-apps-had-over-a-million-downloads-from-google-play/?ftag=TRE-03-10aaa6b&bhid={%24external_id}&mid={%24MESSAGE_ID}&cid={%24contact_id} Edited November 13, 2022 by RV_ Quote RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
RV_ Posted August 7, 2023 Author Report Share Posted August 7, 2023 7 hours ago, kojicraps said: Thanks for sharing the insights, folks. Any updates since then? 9 pages of them here for Phones, Windows, and Macs/iOS: https://www.malwarebytes.com/blog/category/personal Quote RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.