Android Apps With Millions of Installation Redirect Users to Weaponized Websites

In Cybersecurity News - Original News Source is by Blog Writer

Post Sharing
It seems that the Google app store has still not been able to catch malicious applications, as they are still being listed there. In the Google Play store, there are currently four malicious apps that are available.

The 4 malicious applications that were listed by the developer “Mobile apps Group” and detected by the security experts at Malwarebytes are extremely stealthy and sophisticated.

This is because they steal users’ sensitive data and also generate PPC revenue for operators by directing users to specially crafted fake websites. While these four malicious applications were infected with Android/Trojan.HiddenAds.BTGTHB.

Four Malicious Apps

Here below we have mentioned the four malicious apps with all their key details:-

  • App name: Bluetooth Auto Connect
  • Package name: com.bluetooth.autoconnect.anybtdevices
  • Developer: Mobile apps Group
  • MD5: C28A12CE5366960B34595DCE8BFB4D15
  • Google Play URL:
  • Downloads: 1M+ Downloads
  • App Name: Driver: Bluetooth, Wi-Fi, USB
  • Package name: com.driver.finder.bluetooth.wifi.usb
  • Developer: Mobile apps Group
  • MD5: 9BC55834B713B506E92B3787BE83F079
  • Google Play URL:
  • Downloads: 10K+ Downloads
  • App Name: Bluetooth App Sender
  • Package name:
  • Developer: Mobile apps Group
  • MD5: F764F5A04859EC544685E30DE4BD3240
  • Google Play URL:
  • Downloads: 50K+ Downloads
  • App Name: Mobile transfer: smart switch
  • Package name:
  • Developer: Mobile apps Group
  • MD5: AEA33292113A22F46579F5E953596491
  • Google Play URL:
  • Downloads: 1K+ Downloads

Further Analysis

There were two previous instances where the same developer was caught distributing adware via Google Play for malicious apps. However, after submitting cleaned versions of the apps, it was allowed to continue publishing them.

On Google Play, there are a large number of negative reviews and comments regarding the apps. However, it is interesting to note that some of the comments were responded to by the developer.

The most shocking thing is that at the time of writing this article we found the apps are still live on Google Play Store.

There was a 72-hour delay between when an ad appeared on the screen and when a phishing link opened in the web browser before the app showed the first ad. Then every two hours, it automatically launches more tabs containing similar content in the same manner.

This malware operation, HiddenAds, is part of a much larger scheme, and it entails more and more malicious apps like these. Since 2019 this operation has been active and has an extremely illicit track