Android Apps With a Million Downloads Led Users to Phishing Sites

A group of 4 apps, counting in excess of a million downloads total, are shown on Google Enjoy and have been contaminated with the HiddenAds malware.

The applications, released by the developer Cell apps Team, would be ‘Bluetooth Automobile Connect,’ ‘Driver: Bluetooth, Wi-Fi, USB,’ ‘Bluetooth Application Sender,’ and ‘Mobile transfer: wise swap.’

The discovery was produced by security experts at Malwarebytes, who printed an advisory about the menace on Tuesday.

✔ Approved From Our Partners

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code

“Our investigation of this malware commences with us locating an application named Bluetooth Vehicle Hook up,” the staff wrote. “Immediately after the preliminary delay, the malicious application opens phishing internet sites in Chrome.”

According to Malwarebytes, the material of the phishing websites differs, with some being harmless web-sites utilised to deliver pay-for each-click on and other folks getting much more hazardous phishing web pages that try to trick users.  

“For case in point, a single internet site includes adult content material that qualified prospects to phishing pages that explain to the user they’ve been contaminated or have to have to conduct an update,” the organization wrote.

Malwarebytes discussed that the Chrome tabs continue being open in the background, even when the smartphone is locked.  

“When the user unlocks their system, Chrome opens with the hottest web page. A new tab opens with a new internet site regularly, and as a outcome, unlocking your phone soon after several hours usually means closing a number of tabs. The user’s browser record will also be a extended record of terrible phishing websites.”

In accordance to the advisory, the evidence of malicious behaviors spotted by the team indicates the malicious resources are a lot more than just adware bypassing Google Perform Defend detection.

“With a significant dose of obfuscation and damaging phishing web pages, this is evidently the malware we know as Trojan HiddenAds,” Malwarebytes warned. “Many thanks to our Malwarebytes help workforce and our shoppers, we were being capable to keep track of down this nasty malware.”

The advisory will come two months right after NCC Team noticed an upgraded version of the SharkBot mobile malware resurfaced on Google’s Engage in Retailer.