The four apps that have been identified as malicious were from a developer called Mobile apps Group and were called 'Bluetooth Auto Connect', 'Bluetooth App Sender', 'Mobile transfer: smart switch', and 'Driver: Bluetooth, Wi-Fi, USB'.
The Bluetooth Auto Connect app alone boasted more than one million downloads and was initially uploaded to Google Play two years ago.
According to researchers, the apps don't demonstrate any malicious intent for at least a couple of days after initial installation. And the malware doesn't just immediately bombard victims with pop-ups and malicious links after the activity begins. First, after the initial pop-up is displayed, the malware is instructed to wait two hours before displaying the next ad.
After this initial delay, the app repeatedly opens tabs in Google Chrome to display advertising links, which attempt to generate clicks to generate revenue.
The victim doesn't even need to be actively using their phone for the pop-ups to appear – the links can be opened in the background. This intrusive activity has led to Malwarebytes classifying the malware as trojan malware, rather than adware.
"The aggressiveness of the pop-ups - I once opened my test phone to fifteen open tabs in Chrome after only a couple of hours – and the heavy obfuscation is what lead us to classify it as trojan malware," Nathan Collier, malware intelligence analyst at Malwarebytes told ZDNET, who warned that the malware could become more dangerous in future.
"We believe given enough time that the phishing sites would also direct to sites that would encourage people to enter personal information."
According to researchers, this isn't even the first time Bluetooth Auto Connect or the other apps linked to the developer have displayed malicious activity. But some of the updates made to the app in the two years since it was first released have made it 'clean' for periods.
"It appears they were allowed to stay on after uploading clean versions. This latest version uses heavy obfuscation to evade detection," said Collier.
It's recommended that users who've downloaded the app uninstall it to remove malware from their Android device – and that even though Google Play is the safest place to download Android apps, to be mindful about what they download.
Some users noticed the malicious behaviour and complained about pop-ups in one-star reviews on the Google Play store. Paying attention to this kind of information could help you avoid downloading malicious apps. ZDNET has attempted to contact the developers for comment.