

Antivirus Provider Dr. Web Discovers Numerous Malicious Apps on Google Play Store

Antivirus provider Dr. Web has discovered a set of Google Play store apps that spread malware and carry out phishing campaigns against Android users. The apps have been downloaded millions of times. One of them, TubeBox, has over a million downloads on its own. The app's goal is to keep users in the app as long as possible by promising cash payouts for watching videos and ads. Another set of apps posed as Russian loan providers. These apps directed users to phishing sites and attempted to steal their personal information. Below is a list of some other apps that were identified as fraudulent but are no longer available on the Play store:

  • Bluetooth device auto connect (bt autoconnect group) – 1,000,000 downloads
  • Bluetooth & Wi-Fi & USB driver (simple things for everyone) – 100,000 downloads
  • Volume, Music Equalizer (bt autoconnect group) – 50,000 downloads
  • Fast Cleaner & Cooling Master (Hippo VPN LLC) – 500 downloads

Although Google has made it more difficult to get apps onto the Play store, this situation shows that threat actors are still finding ways to publish malicious apps there.

Analyst Notes

Prior to downloading any apps from the Play store, users should read reviews to help verify their legitimacy. It is also important to make sure Play Protect is active and in use. Users who find any of the apps mentioned above on their devices should delete them immediately.