Scam of the Week: Android Apps Redirect Users to Malicious Sites

by | Nov 3, 2022 | Tech Insights

Recently uncovered by cybersecurity researchers, a set of four Android apps has been found to link users to malicious sites. These malicious sites either install adware or attempt to steal information from the user, in what has been found to be a massive cybercrime campaign. The apps were all created by the same developer: Mobile apps Group.

According to Malwarebytes, the team that originally uncovered this scam, the sites are designed to generate revenue through pay-per-click ads. Not only do these sites generate revenue from unsuspecting users, but they also prompt users to download other apps to ‘clean’ their phones. Unsurprisingly, rather than ‘cleaning’ the phone, these apps install additional malware.

What are the apps I should avoid?

  • Bluetooth App Sender (50,000+ downloads)
  • Bluetooth Auto Connect (1,000,000+ downloads)
  • Driver: Bluetooth, Wi-Fi, USB (10,000+ downloads)
  • Mobile transfer: smart switch (1,000+ downloads)

Collectively, these malicious apps have garnered over 1,060,000 downloads from the Google Play store.

How do the apps act maliciously?

The bad actors have utilized time-based delays to conceal their malicious behavior, as well as to get past Google Play store protections set in place for users. Malwarebytes' analysis reveals the apps have an approximately four-day waiting period before the phishing campaign begins – first opening a phishing site in Chrome, then opening new tabs every two hours.

A researcher from Malwarebytes stated: “Delaying malicious behavior is a common tactic to evade detection by malware developers. It turns out that this app uses delays quite a bit…After the initial delay, the malicious app opens phishing sites in Chrome. The content of the phishing sites varies—some are harmless sites used simply to produce pay-per-click, and others are more dangerous phishing sites that attempt to trick unsuspecting users.”

The apps have been found to be a part of a larger operation, called HiddenAds, active since at least June 2019.
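As an added example, not code from this article or from Malwarebytes, the following Python heuristic flags the timing pattern described above: a dormant period of several days after install, followed by browser opens at roughly two-hour intervals. The event records, package names and thresholds are constructed assumptions, not a real Android log format.

```python
from datetime import datetime, timedelta

# Constructed sample records (timestamp, package, event); not a real Android log format.
# Package names are hypothetical placeholders.
EVENTS = [
    ("2022-10-01T09:00", "com.example.btsender", "installed"),
    ("2022-10-05T09:10", "com.example.btsender", "opened_url_in_browser"),
    ("2022-10-05T11:10", "com.example.btsender", "opened_url_in_browser"),
    ("2022-10-05T13:12", "com.example.btsender", "opened_url_in_browser"),
    ("2022-10-05T15:10", "com.example.btsender", "opened_url_in_browser"),
    ("2022-10-01T10:00", "com.example.notes", "installed"),
    ("2022-10-01T10:05", "com.example.notes", "opened_url_in_browser"),
    ("2022-10-03T18:30", "com.example.notes", "opened_url_in_browser"),
    ("2022-10-01T12:00", "com.example.weather", "installed"),
    ("2022-10-06T08:00", "com.example.weather", "opened_url_in_browser"),
]

def flag_delayed_openers(events, min_dormancy=timedelta(days=3),
                         period=timedelta(hours=2),
                         tolerance=timedelta(minutes=15), min_repeats=3):
    """Return packages that stay quiet for days after install, then open
    browser tabs on a near-fixed schedule. Thresholds are assumptions."""
    installs, opens = {}, {}
    for ts, pkg, kind in events:
        when = datetime.fromisoformat(ts)
        if kind == "installed":
            installs[pkg] = when
        elif kind == "opened_url_in_browser":
            opens.setdefault(pkg, []).append(when)

    flagged = {}
    for pkg, times in opens.items():
        if pkg not in installs:
            continue  # no install time, dormancy cannot be measured
        times.sort()
        dormancy = times[0] - installs[pkg]
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        periodic = sum(1 for gap in gaps if abs(gap - period) <= tolerance)
        # Both signals are required: a single late open (weather) or an
        # immediate, irregular one (notes) is ordinary app behaviour.
        if dormancy >= min_dormancy and periodic >= min_repeats:
            flagged[pkg] = {
                "dormancy_days": round(dormancy.total_seconds() / 86400, 1),
                "periodic_opens": periodic,
            }
    return flagged

if __name__ == "__main__":
    print(flag_delayed_openers(EVENTS))
```

Requiring both signals keeps the heuristic from flagging apps that legitimately open a link once, long after install.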

If you have downloaded these apps, your best solution is to delete them ASAP.