Android users are being warned about a family of apps that were available to download until recently which aim to trick them into clicking on dangerous sites.

Cyber security experts at Malwarebytes discovered the four harmful apps, which together have been downloaded over one million times, contain malware which leads users to phishing sites. The apps all come from a developer called Mobile apps Group, and have since been removed from the Google Play store.

According to Malwarebytes, the apps may have avoided detection so far because there is a delay of up to a few days between downloading the app and it starting to exhibit "malicious behaviour". After the delay, the apps were found to open up phishing sites in Chrome - some of which attempted to trick unsuspecting users into clicking by telling them their device has been infected or that they need to install an urgent update.

The four apps in question from the Mobile apps Group are called:

  • Bluetooth Auto Connect
  • Driver: Bluetooth, Wi-Fi, USB
  • Bluetooth App Sender
  • Mobile transfer: smart switch

These sites opened up in Chrome in the background even when the phone was locked, research by Malwarebytes found, meaning that the user's browser history would end up as a long list of "nasty" phishing sites designed to steal users' data. If you downloaded any of these apps before they were removed from the Google Play store, you should delete them immediately to help keep your mobile device and information safe.

Chronicle Live