Security experts at Malwarebytes have discovered a group of four apps totaling millions of downloads overall that have been infected with the HiddenAds malware. The apps are listed on google Play and were published by Mobile apps Group. The apps pertain to Bluetooth functions such as ‘Bluetooth Auto Connect’ and ‘Bluetooth App Sender.’ Malwarebytes detailed the discovery in an advisory published on Tuesday.
The security company stated that the content of the phishing sites varies. One of the apps is a site used to produce pay-per-click and others are more dangerous phishing sites that attempt to trick users into giving up credentials. One site includes adult content that leads to phishing pages that tells the user that they have been infected. It then prompts the victim to perform an update. In one instance, the app runs Chrome tabs in the background even when the smartphone is locked. This means that the users’ browser history will become plagued with a long list of phishing sites. Users should be wary of the apps they download.