Remove These Malicious Apps From Your Android As Soon As Possible
Unfortunately, how often do we hear about applications containing malware on the Google platform ( not that they are the only ones with a malware problem ). Every time we learn about new Trojans, it reminds us to be careful when downloading new applications. This time, the newly discovered apps have been downloaded over two million times, which means that many devices have been compromised.
Cybersecurity Doctor Web has detected a Trojan called “Fast Cleaner & Cooling Master” in the Play Store. This app was meant to be an OS optimization, claiming to improve the Android performance of your smartphone. Instead, the app secretly communicates with developers via Firebase Cloud Messaging or the AppMetrica Push SDK, displays ads on victims’ smartphones, or uses these devices as proxy servers. For example, if the application was installed on your Android, third parties may route their traffic through your device.
This app has had less than 1,000 downloads, which, while not perfect, is not a huge malware breakthrough. However, Doctor Web found other Trojans that use Firebase Cloud Messaging to communicate with their developers, this time to download specific websites. They found three apps that fit the bill: “Volume, Music Equalizer” with 50,000 downloads, “Bluetooth, Wi-Fi and USB” driver with 100,000 downloads, and “Bluetooth Device Auto-Connect” with a million downloads. Automatic connection of a Bluetooth device has been touted as a solution to improve your Bluetooth connection, as well as provide automatic connection to Bluetooth devices so that you could theoretically bypass the Android Bluetooth settings menu every time you want to join.
Bluetooth Device Auto-Connect is not the only Trojan with so many downloads. TubeBox alone had over a million downloads, probably because it attracted people as an easy way to make money. Users will only need to watch an in-app ad video, which in theory will generate coins and coupons that they can later redeem for real money. The problem was that no one could actually redeem their credits due to “problems reported by the app”. As you might have guessed, the app never intended to pay out money to users. Instead, the developers pocketed all the ad revenue generated from users’ browsing history for themselves. While we don’t have statistics on these numbers, the fact that the app has been downloaded over a million times means that the scammers probably walked away with a good chunk of ad money.
Protect yourself from malicious apps in the Google Play Store
Unfortunately, Google does not have warnings that the application you are viewing may be malicious. Once they approve an app, it appears in the store like any other until Google finds out something about the app to remove it. However, there are steps you can take to keep yourself and your device safe.
First, always fully check the app’s page on the Play Store before downloading it. Does the name of the application make sense? “Bluetooth, Wi-Fi and USB” is a terrible name for an app and I think it’s malware. Then check the graphics and description of the application. Does everything seem carefully thought out and well put together? Does the app description match the intended use? Are there any mistakes or poorly written? It could be big red flags.
Reviews help a lot too. Often users who download malware complain about the impact of the application on their phone. You might see negative comments about the amount of ads users are shown, how slow their phone is getting, or how the app doesn’t do anything it’s supposed to do. If you see enough of these warning signs, you should stay away.
[ My broadband ]