"These Android Apps with a Million Play Store Installations Redirect Users to Malicious Sites"
As part of an adware and information-stealing campaign, four Android apps released by the same developer were discovered directing victims to malicious websites. The apps, developed by Mobile Apps Group and currently available on the Play Store, have been downloaded over one million times. According to Malwarebytes, the websites are designed to generate revenue through pay-per-click ads and prompt users to install cleaner apps on their phones to deploy additional malware. The apps include "Bluetooth App Sender," "Bluetooth Auto Connect," "Driver: Bluetooth, Wi-Fi, USB," and "Mobile transfer: smart switch." One of the more common methods used by threat actors to bypass Google Play Store security measures is to use time-based delays to conceal their malicious behavior. Malwarebytes' analysis found that the apps wait approximately four days before opening the first phishing site in Chrome browser, and then launch more tabs every two hours. The apps are part of the HiddenAds malware operation, which has been active since at least June 2019 and has a history of illegally earning revenue by redirecting users to advertisements. This article continues to discuss the set of four Android apps directing victims to malicious websites as part of the HiddenAds malware operation.