Nigerians have been warned not to install apps from Mobile Apps Group, an offending publisher on the Google Play Store, by the Nigerian Communications Commission's Computer Security Incident Response Team (NCC-CSIRT).
The NCC claims that the Group's products contain Trojans and adware that are harmful to users' privacy.
The Nigeria Computer Emergency Response Team (ngCERT) has been observing and monitoring the constant introduction of malicious mobile applications into Google Play Store, according to NCC-CSIRT's latest advisory on the incident.
According to the report, the Mobile Apps Group has a history of distributing malware-infected apps via the Google Play store. The current batch of apps has already received over a million downloads.
The malicious apps: Bluetooth Auto Connect, Bluetooth App Sender, Driver: Bluetooth, Wi-Fi, USB, and Mobile transfer: smart switch were among the malicious apps identified by NCC-CSIRT.
"To avoid detection, the apps will delay the display of ads for up to three days after installation." After this time, the user is bombarded with advertisements and directed to malicious phishing websites in the Chrome browser. The malicious app can open Chrome tabs in the background while the device is idle. Some of the sites it opens may appear to be harmless, but they are pay-per-click pages that generate revenue for the developers when clicked," the NCC-CSIRT warned.
How it affects users: According to the advisory, installing the apps may result in being bombarded with advertisements and the theft of sensitive user data. Clicking on the ads will cause the stealth download or installation of additional malware, putting users' privacy and personal data at risk.
"These unfavorable outcomes are avoidable if users avoid downloading apps developed by Mobile apps Group and read app reviews before installing any app." Other suggested solutions include "immediately uninstalling any of the identified malicious apps and installing up-to-date anti-malware solutions to detect and remove malware," according to the NCC-CSIRT.
The malicious activities of the offending apps were rated as high in probability and potential for damage by NCC-CSIRT.
The CSIRT's Mission: The NCC established the CSIRT, the telecom sector's cyber security incident center, to focus on incidents in the telecom sector that may affect telecom consumers and citizens at large.
