histats

Malicious app developer remains on Google Play despite being cited multiple times for malware

Malicious app developer remains on Google Play despite being cited multiple times for malware

A phone with multiple app icons including Messages, Play Store, Phone, Settings and more

A phone with multiple app icons including Messages, Play Store, Phone, Settings and more

Google has routinely been notified of apps containing malware listed in the Play Store, but it has routinely failed to catch already identified malware.

Google is still unable to catch malicious apps from being listed in the app store, but it seems that some developers who have been cited are not even kicked off the platform. Security software company Malwarebytes reported on Tuesday that four apps listed by developer Mobile apps Group contain a well-known malware used to steal users’ information. At the time of reporting, all four apps are still listed on the Google Play Store.

Even worse, Malwarebytes wrote that the developer in question has been found to distribute malware in their apps before, but they can still list their apps in Google’s main app store.

read more

The apps are listed by the company Mobile apps Group, whose listing on the Play Store includes the tagline “Using the smart app, you guarantee a strong and reliable Bluetooth pairing with any device.” The apps include:

  • Bluetooth Auto Connect

  • Driver: Bluetooth Wi-Fi, USB

  • Bluetooth app transmitter

  • Mobile transfer: smart switch

As of the time of reporting on Wednesday morning, the developer's apps containing the malware were still available on the Play Store.

As of the time of reporting on Wednesday morning, the developer’s apps containing the malware were still available on the Play Store.

Nathan Collier, a malware intelligence analyst for Malwarebytes, wrote that when users first install Bluetooth Auto Connect, there is a delay of several days before it starts opening phishing websites in Chrome. These websites run in the background even if a device is locked and open automatically when users unlock their phones. These phishing sites allegedly include porn sites that lead to phishing sites or other sites that spam users with messages that they have been hacked and need to perform an update.

See also  Points clés de Microsoft Teams sur Microsoft Inspire 2022

The Mobile Apps Group has been cited twice in the past for listing malware-infected apps, according to Collier. Other cybersecurity researchers have blogged about an earlier version of Bluetooth Auto Connect. Two days after that blog and subsequent takedown, the developers released a 3.0 version on Google Play, meaning the malicious developers didn’t even get a trial period. The developers released the current 5.7 version of the app last December, meaning the malware has potentially been around for nearly a year.

Google did not immediately respond to Gizmodo’s request for comment. Google has a stated policy against any app that includes malware of any kind, and the system claims it warns users if it detects a malware policy violation.

Collier wrote that the first log entry from malware called Android/Trojan.HiddenAds.TBGTHB is recorded a few hours after he installs the app, although the time before it installs varies between different apps.

There have been many other high-profile malicious app scandals on Google Play, including a Muslim prayer app that harvested users’ phone numbers. Last year, Google booted nine other apps from its store after researchers found they used malware to steal users’ Facebook logins.

Delaying malware infiltration is a common way bad actors get around app store filters, Collier wrote. It’s still unclear why Google wasn’t able to detect these apps, but another recent report by cybersecurity company Bitdefender noted that there were 35 other malicious apps listed on the Play Store that have amassed over 2 million downloads in total. That August report noted that once these apps are installed, they rename and change the app icon to confuse users and avoid detection. An even earlier report from July by Dr. Web noted that a few dozen other malware-infected apps were modifications of known malware.

See also  Comment utiliser votre téléphone Android comme manette pour jouer à des jeux PC

Google Play Protect is the company’s built-in malware defense program, and according to its own site, it scans over 100 billion apps on Google Play every day. But researchers have previously noted that it so routinely fails to catch malware, ranking last among other security apps in 2021 tests by IT security researchers at AV Test.

More from Gizmodo

Sign up for Gizmodo’s newsletter. For latest news, Facebook, Twitter and Instagram.

Click here to read the full article.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *