Android users are being warned about a family of apps that were available to download until recently which aim to trick them into clicking on dangerous sites.
Cyber security experts at Malwarebytes discovered the four harmful apps, which together have been downloaded over one million times, contain malware which leads users to phishing sites. The apps all come from a developer called Mobile apps Group, and have since been removed from the Google Play store.
According to Malwarebytes, the apps may have avoided detection so far because there is a delay of up to a few days between downloading the app and it starting to exhibit "malicious behaviour". After the delay, the apps were found to open up phishing sites in Chrome - some of which attempted to trick unsuspecting users into clicking by telling them their device has been infected or that they need to install an urgent update.
READ MORE: Fake Amazon sign-in scam texts to watch out for - and how to spot them
The four apps in question from the Mobile apps Group are called:
- Bluetooth Auto Connect
- Driver: Bluetooth, Wi-Fi, USB
- Bluetooth App Sender
- Mobile transfer: smart switch
These sites opened up in Chrome in the background even when the phone was locked, research by Malwarebytes found, meaning that the user's browser history would end up as a long list of "nasty" phishing sites designed to steal users' data. If you downloaded any of these apps before they were removed from the Google Play store, you should delete them immediately to help keep your mobile device and information safe.
READ NEXT:
Why you're asked to put your phone on airplane mode during a flight and what happens if you don't
What is Mastodon? The little-known social media platform Twitter users are flocking to
From ads to phishing - seven signs to look out for that show a website may be a scam
Tech experts issue warning over worrying rise in Instagram account cloning and social media scams
GCHQ's advice on avoiding online shopping scams ahead of Christmas
