Scam of the Week: Android Apps Redirect Users to Malicious Sites


by | Nov 3, 2022 | Tech Insights

Recently uncovered by cybersecurity researchers, a set of four Android apps has been found to link users to malicious sites. These malicious sites either install adware or attempt to steal information from the user, in what has been found to be a massive cybercrime campaign. The apps were all created by the same developer: Mobile apps Group.

According to Malwarebytes, the team that originally uncovered this scam, the sites are designed to generate revenue through pay-per-click ads. Beyond generating revenue from unsuspecting users, the sites also prompt users to download other apps to ‘clean’ their phone. Unsurprisingly, rather than ‘cleaning’ the phone, these apps install additional malware.

What are the apps I should avoid?

  • Bluetooth App Sender (50,000+ downloads)
  • Bluetooth Auto Connect (1,000,000+ downloads)
  • Driver: Bluetooth, Wi-Fi, USB (10,000+ downloads)
  • Mobile transfer: smart switch (1,000+ downloads)

Collectively, these malicious apps have garnered over 1,060,000 downloads from the Google Play store.

How do the apps act maliciously?

The bad actors have used time-based delays to conceal their malicious behavior and to get past the Google Play store protections set in place for users. Malwarebytes' analysis reveals the apps have an approximately four-day waiting period before the phishing campaign begins: first opening a phishing site in Chrome, then opening new tabs every two hours.

A researcher from Malwarebytes stated: “Delaying malicious behavior is a common tactic to evade detection by malware developers. It turns out that this app uses delays quite a bit…After the initial delay, the malicious app opens phishing sites in Chrome. The content of the phishing sites varies—some are harmless sites used simply to produce pay-per-click, and others are more dangerous phishing sites that attempt to trick unsuspecting users.”
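The long-dormancy, fixed-interval pattern described above can be looked for in device telemetry. The following is an added example, not code from Malwarebytes or from this page: the event format, package names and hosts are constructed placeholders, and the thresholds are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed data: install times and browser-launch events per package.
# Package names and hosts are placeholders, not indicators from the report.
INSTALLS = {
    "com.example.btconnect": datetime(2022, 10, 1, 9, 0),
    "com.example.notes": datetime(2022, 10, 1, 9, 0),
}

def build_events():
    """Return constructed (timestamp, launching package, host) tuples."""
    events = []
    # Pattern from the article: ~4 days dormant, then a new tab every ~2 hours.
    start = INSTALLS["com.example.btconnect"] + timedelta(days=4, minutes=10)
    for i in range(6):
        ts = start + timedelta(hours=2 * i, minutes=i % 3)
        events.append((ts, "com.example.btconnect", "ads.example.test"))
    # Ordinary user-driven launches: early and irregular.
    for h in (1, 30, 31, 100):
        ts = INSTALLS["com.example.notes"] + timedelta(hours=h)
        events.append((ts, "com.example.notes", "help.example.test"))
    return events

def flag_delayed_launchers(installs, events,
                           min_dormancy=timedelta(days=1),
                           min_launches=4,
                           jitter=timedelta(minutes=10)):
    """Flag packages that stay silent after install, then open the
    browser at a near-constant interval (assumed thresholds)."""
    by_pkg = {}
    for ts, pkg, _host in events:
        by_pkg.setdefault(pkg, []).append(ts)
    findings = {}
    for pkg, stamps in by_pkg.items():
        stamps.sort()
        dormancy = stamps[0] - installs[pkg]
        if dormancy < min_dormancy or len(stamps) < min_launches:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        typical = sorted(gaps)[len(gaps) // 2]  # median gap
        if all(abs(g - typical) <= jitter for g in gaps):
            findings[pkg] = {"dormancy": dormancy, "interval": typical}
    return findings

if __name__ == "__main__":
    for pkg, info in flag_delayed_launchers(INSTALLS, build_events()).items():
        print(pkg, "dormant", info["dormancy"], "interval", info["interval"])
```

Any review window shorter than `min_dormancy` sees no browser launches from the flagged package at all, which is why the check is anchored on install time rather than on a fixed observation period.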

The apps have been found to be a part of a larger operation, called HiddenAds, active since at least June 2019.

If you have downloaded these apps, your best solution is to delete them ASAP.

Since 2003, Network Security Associates has provided impeccable IT services to an array of Las Vegas-based businesses, including IT audits, optimization of digital infrastructure, security monitoring, compliance solutions, data backups, and so much more. We offer 24/7 support from our brilliant IT specialists, who’ll be able to assist you either over the phone or on an on-site visit (if required). We always put the client first, going above and beyond, every single time, to ensure client satisfaction.

Quick response times, disaster recovery plan implementation, free evaluations, and certification from the Nevada Gaming Board are just a few of our services that separate us from the rest of the competition. Call us for a free consultation today at 702-547-9800!