Google still can’t detect malicious apps in its app store, but there seem to be some developers who were quoted are not even removed from the platform. Security software company Malwarebytes announced on Tuesday that the four apps listed by the developer Mobile apps Group contain known malware that is used to steal user information. At the time of writing, all four apps are still available on the Google Play Store.
To make matters worse, Malwarebytes wrote that the developer in question was previously discovered deploying malware in their apps, but they can still list their apps on the main Google app store.
The apps are listed by the Mobile apps Group, whose Play Store listing includes the slogan “Using a smart app, you guarantee a secure and reliable Bluetooth connection with any device.” Applications include:
- Automatic Bluetooth connection
- Driver: Bluetooth WiFi, USB
- Bluetooth Application Sender
- Mobile transfer: smart switch
Nathan Collier, malware analyst for Malwarebytes, wrote that when users first install Bluetooth Auto Connect, there is a delay of several days before it starts opening phishing sites in Chrome. These sites run in the background even when the device is locked and open automatically when users unlock their phones. These phishing sites are reported to include porn sites that lead to phishing pages or other sites that spam users with messages that they have been hacked and need to be updated.
According to Collier, the mobile app group has been mentioned twice in the past for a list of apps infected with malware. Other cybersecurity researchers blogging about an earlier version of Bluetooth Auto Connect. Two days after this blog post and the subsequent delisting, the developers released version 3.0 on Google Play, meaning these malicious developers weren’t even given a trial period. The developers released the current version of the application 5.7 in December last year, which means that malware is potentially stayed for almost a year.
Google did not immediately respond to Gizmodo’s request for a comment. Google has stated policy against any application that contains malware of any type, and the system claims to alert users if it detects a violation of its malware policy.
Collier wrote that the first entry in the malware log called Android/Trojan.HiddenAds.TBGTHB is written several hours after he installed the application, although the time before it was installed varies for different applications.
There have been numerous other high-profile malware scandals on Google Play, including one Muslim prayer app who collected phone numbers of users. Google last year downloaded nine other applications from their store after researchers discovered they used malware to steal Facebook user accounts.
Delaying malware infiltration is a common way attackers bypass app store filters, Collier said. It remains unclear why Google was unable to detect these applications, but in another recent cybersecurity company report Bitdefender noted 35 other malicious apps were registered in the Play Store, with a total of over 2 million downloads. An August report noted that once installed, these apps rename themselves and change their app icon to confuse users and avoid detection. Even earlier report for July Dr.Web noted that several dozen other applications infected with malware were modifications of known malware.
Google Play Protection is the company’s built-in anti-malware program, and according to its own page, it scans over 100 billion apps on Google Play every day. But researchers have previously noted that it fails so often in malware detection, ranked last among other security applications in 2021 tests conducted by IT security researchers from AV Test.