bleepingcomputer[.]com/news/security/malicious-android-apps-with-1m-plus-installs-found-on-google-play/
A set of four malicious applications currently available in Google Play, the official store for the Android system, are directing users [to] sites that steal sensitive information or generate ‘pay-per-click’ revenue for the operators.Some of these sites offer victims to download fake security tools or updates, to trick users into installing the malicious files manually.
At the time of publishing, the apps are still present on Google Play under a developer account called Mobile apps Group, and have a total install count of more than one million.
According to a report from Malwarebytes, the same developer was exposed twice in the past for distributing adware on Google Play but it was allowed to continue publishing apps after submitting cleaned versions.
The four malicious apps uncovered this time are:
Bluetooth Auto Connect, with over 1,000,000 installs
Bluetooth App Sender, with over 50,000 installs
Driver: Bluetooth, Wi-Fi, USB, with over 10,000 installs
Mobile transfer: smart switch, with over 1,000 installs