Google has been failing to catch malicious apps from being listed in the Google Play store, and some developers are even being removed it seems.  Malwarebytes reported four applications that were listed by developer ‘Mobile Apps Group’ contain malware that is used to steal users’ information.

In their report, Malwarebytes noted that the developer has a history of putting malware in their apps, which makes it puzzling that they’re still able to list new apps in the Play store.

The apps listed by ‘Mobile Apps Group’ include:

• Bluetooth Auto Connect

• Driver: Bluetooth Wi-Fi, USB

• Bluetooth App Sender

• Mobile transfer: smart switch

According to Nathan Collier, a Malware Intelligence Analyst for Malwarebytes, says that when users install Bluetooth Auto Connect, the malware takes days before its activities are noticed. Once a few days pass, phishing sites will begin to open in Chrome.  The sites run in the background even if the device is locked and open automatically once the phone in unlocked.

Mobile Apps Group has been cited in the past for listing malicious apps in the Google Play store. It has been reported in the past that a previous version of Bluetooth Auto Connect was listed, and eventually delisted. However, two days after being delisted, the group released version 3.0 of the app in the Google Play store. This means that the group was not hit with a probation period after initial delisting. The current version of the app is version 5.7, which suggests that the app has potentially remained in the store for close to a year.

There have been many malicious app scandals on the Google Play store. For instance, a Muslim prayer app was harvesting user phone numbers, and a recently there was a variety of apps that were found stealing user logins to Facebook.

It is not known how Google was unable to detect these apps. Another recent study from Bitdefender showed that 35 other malicious apps that are listed on the Google Play store have accumulated over 2 million downloads total. These apps, once installed, were able to rename themselves and change their icon to confuse users and avoid detection.

Google Play Protect is the built-in malware defense program that scans over 100 billion apps on the platform on a daily basis. But researchers have noted that it consistently fails at catching malware. It ranked last among other security apps in 2021 tests by security researchers.

Story via Gizmodo