Skip to content

4 malicious apps found on Google Play Store, with over a million downloads

  • by
  • 2 min read

Photo by Rafapress /

Four apps from a developer called Mobile Apps Group with a combined total of over one million downloads have been caught directing users to websites that steal sensitive information or generate pay-per-click revenue for the threat actor, in addition to offering victims to download fake security tools tricking them into installing malware on their phones. 

These apps include the following:

  • Bluetooth Auto Connect with over 1,000,000 installs
  • Bluetooth App Sender with over 50,000 installs
  • Driver: Bluetooth, Wi-Fi, USB with over 10,000 installs
  • Mobile transfer: smart switch with over 1,000 installs

The four apps are still available on the Google Play Store, the official marketplace for Android apps. Additionally, a Malwarebytes report that exposed these apps also states that the same developer has been caught twice in the past for spreading adware on the Play Store but was allowed to continue pushing apps after submitting non-malicious versions. 

The four malicious apps are still available on the Google Play Store.

The apps stay under the radar by delaying any ads or pop-ups up until 72 hours after installation. Once the first phishing site or ad is opened, the app continues doing the same every two hours. New browser tabs can be opened even if the target device is locked meaning users see multiple phishing and ad sites on their phones as soon as they unlock their devices. 

Furthermore, to work past automated code scanners, the app manifest logs useless descriptors in an attempt to hide logs for any actions performed by the apps. While this method may have gotten past any automated tools, this is also what helped the researchers discover malicious activity in the apps. 

Outside of these measures, the developer hasn’t taken any drastic steps to hide the apps’ malicious activity. The app reviews generally aren’t in favour of the apps with users complaining about intrusive ads opening in new browser tabs. The developer has even replied to some of these comments asking the user to get in touch with them to resolve the issue. 

In the News: Symantec researchers find new malware taking commands from IIS log files

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: