These malicious Android apps have already been downloaded over 20 million times

A collection of malicious Android apps have been discovered hiding in the Google Play Store that don't just slow down a victim's device, but also cause high phone bills via annoying malware.

Cybersecurity researchers from McAfee said they found 16 so-called "clicker" apps with currently have more than 20 million downloads. 

The apps are mostly advertised as utility solutions: flashlight apps, profile downloaders, system checkers, security apps, dictionaries, currency converters, and similar. In fact, the biggest app from McAfee’s list is DxClean, a “system cleaner and optimizer”, with more than five million installs. 

Automated ad clicks

Clicker apps are just as the name would suggest - apps that click things. They work in the device’s background, load ads so that the user doesn’t see them, and then click on them, generating extra revenue for the developers. Depending on the victims’ mobile data plans, these apps could also rake in extra expenses, as well. 

Most of the time, though, they will just slow the device down, and drain its battery a bit faster. 

The apps are also designed to mimic human behavior, as ad networks became relatively good at stopping bots and do not pay out revenues for automated and bot clicks. Furthermore, they’re also pretty good at hiding from the users, delaying their activities in the first hours after the installation, to make sure users don’t notice any significant drops in performance. 

While Google says it has now removed all of the apps from its repository, it can’t delete them from the users’ devices - so until users remove the apps themselves, they will remain at risk. 

Anyone suspecting their devices hold such apps should experiment by leaving their smartphones idle for a couple of hours. Should it lose too much battery, or show an increase in mobile data consumption, they should remove potential malicious apps before running the experiment again. 

The full list of malicious apps can be found on this link

Via: BleepingComputer



Comments