Android users: Delete these four dangerous apps from your device

Together, these four apps have been downloaded more than a million times.

Android users: Delete these four dangerous apps from your device
© Getty/ sasha85ru
Android users: Delete these four dangerous apps from your device

If you use an Android device, this news, albeit unpleasant is for you. You should check your phone for four malicious applications that could redirect to sites where your sensitive information could be stolen. The list, released by cybersecurity service provider, MalwareBytes, all originate from the same developer and have been altered many times to get past Google’s security on the Play Store.

Discover our latest podcast

The apps

According to MalwareBytes, the apps are infected with the virus, Android/Trojan.HiddenAds.BTGTHB. They hide malware behaviour for some time and will eventually start opening phishing sites in Chrome. The blog lists the four malicious apps as:

  • Bluetooth Auto Connect (over 1,000,000 installs)
  • Bluetooth App Sender (over 50,000 installs)
  • Driver: Bluetooth, USB, Wi-Fi (over 10,000 installs)
  • Mobile Transfer: smart switch (over 1,000 installs)

They are estimated to have been download at least a million times cumulatively. Delete them now if your device is one of the one million devices they were downloaded on. According to MalwareBytes:

Older versions of these apps have been detected in the past as different variants of Android/Trojan.HiddenAds. Yet, the developer is still on Google Play dispensing its latest HiddenAds malware.
Getty/ krisanapong detraphiphat

Modus operandi

The cybersecurity firm explains that these apps remain hidden before they begin showing malware behaviour. Although delaying malicious behaviour is a common tactic to evade detection by malware developers, these apps use delays quite a bit.

The function of the sites they may redirect you to varies; some are harmless sites used to produce pay-per-click, others not so much. For instance, one site includes adult content that leads to phishing pages that tell the user they've been infected, or need to perform an update.

The Chrome tabs are opened in the background even while the mobile device is locked. When the user unlocks their device, Chrome opens with the latest site.

Sources used:

MalwareBytes: Malware on the Google Play store leads to harmful phishing sites

Bleeping Computer: Malicious Android apps with 1M+ installs found on Google Play

Live Mint: Android users, remove these four apps from your smartphone right now!

Delete these four apps immediately, Android users warned Delete these four apps immediately, Android users warned