Google Play Store Removes Popular Apps with 20 Million+ Downloads for Malicious Activity

Google’s Play Store serves billions of users who collectively download millions of apps each month. According to Statista, users worldwide made 111.3 billion mobile app downloads from the Play Store in 2021. While the number of apps is much smaller, users are spoilt for choice when it comes to options for entertainment, utility, productivity, and digital safety.

Unfortunately, a big chunk of these apps don’t really exist to provide these useful functions, but are created with malicious intent. Google recently removed 16 such apps with over 20 million combined downloads from its app store after discovering they installed additional code to commit ad fraud. This code would run in the background and quickly drain devices’ network data and battery life.

Malicious apps regularly make their way onto the Google Play Store despite seemingly increased efforts to put walls in place to keep them out. Sadly, Google’s firewalls are about as effective as a house built from straw, and the big bad cyber wolves keep blowing them down.

Clicker Malware: Real on the Outside, Rotten on the Inside

According to antivirus firm McAfee, whose researchers discovered the malware, the apps would download a remote configuration after they were installed. This registered the devices on Google’s Firebase Cloud Messaging (FCM) service to receive push messages. The remote configuration also instructed devices to secretly open specific web pages, then click on various links. Criminals create these apps to generate inflated ad clicks on websites to increase their ad revenue.

[Image: a malware app on the Google Play Store. One of the clicker malware apps the researchers discovered.]

Also known as clicker malware, these link-clicker apps are a nuisance and might not generally pose a threat. That said, they still abuse people’s devices, illegally run background software, and can potentially compromise people’s personal data. It’s normal for malicious apps to pose as legitimate software, and many even work perfectly well on the surface, doing what they’re supposed to.

“Mainly, it’s visiting websites which are delivered by FCM messages and browsing them successively in the background while mimicking user behavior. This may cause heavy network traffic and consume power without user awareness during the time it generates profit for the threat actor behind this malware.”

SangRyol Ryu, McAfee

[Image: a list of websites opened by a malware app. Researchers shared an example of the network traffic these apps generate to produce fake clicks on various websites. Credit: McAfee]

The result can deplete your device’s battery life and network data. If you connect to the local network at home or use public Wi-Fi, it might go unnoticed, but people who use mobile data will feel the impact.
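The behavior described above, a run of background visits to several sites shortly after a push message arrives, can be expressed as a simple detection rule. The sketch below is an added example, not code from McAfee or Google; the log format, package names, time window, and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real telemetry). Assumed line format:
# "<epoch_seconds> <package> <fg|bg> <push|http> <host or ->"
SAMPLE_LOG = """\
1000 com.example.flashlight bg push -
1003 com.example.flashlight bg http news-a.example
1009 com.example.flashlight bg http shop-b.example
1016 com.example.flashlight bg http blog-c.example
1024 com.example.flashlight bg http news-a.example
1100 com.example.chat bg push -
1101 com.example.chat bg http api.chat.example
1200 com.example.browser fg http news-a.example
1203 com.example.browser fg http shop-b.example
1207 com.example.browser fg http blog-c.example
"""

WINDOW_S = 60   # assumed: seconds after a push in which requests are attributed to it
MIN_HOSTS = 3   # assumed: distinct hosts per window that we treat as suspicious


def parse(log):
    """Yield (timestamp, package, state, kind, host) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue
        ts, pkg, state, kind, host = parts
        yield int(ts), pkg, state, kind, host


def flag_clicker_candidates(log, window_s=WINDOW_S, min_hosts=MIN_HOSTS):
    """Return {package: most distinct hosts contacted in the background
    within window_s of one push} for packages that reach min_hosts."""
    last_push = {}             # package -> time of its latest background push
    hosts = defaultdict(set)   # (package, push time) -> hosts contacted afterwards
    for ts, pkg, state, kind, host in sorted(parse(log)):
        if state != "bg":
            continue           # foreground browsing is driven by the user
        if kind == "push":
            last_push[pkg] = ts
        elif kind == "http" and pkg in last_push and ts - last_push[pkg] <= window_s:
            hosts[(pkg, last_push[pkg])].add(host)
    worst = defaultdict(int)
    for (pkg, _), seen in hosts.items():
        worst[pkg] = max(worst[pkg], len(seen))
    return {pkg: n for pkg, n in worst.items() if n >= min_hosts}


if __name__ == "__main__":
    print(flag_clicker_candidates(SAMPLE_LOG))
```

On the constructed sample, only the flashlight app is flagged: the chat app contacts a single host after its push, and the browser's requests happen in the foreground.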

Google Kicks Another 16 Apps, But A Greater Problem Remains

The 16 apps Google recently evicted from its platform all perform regular — even mundane — functions like measurement conversions, QR readers, task managers, and flashlight activation. It’s within this mundane, unnoticed framework that these apps carried out their covert activity. 

Google has a well-documented malware problem it’s been trying to fix for years. Unfortunately, many malicious apps still slip through its safety measures and people tend to trust these mundane little apps to do what they say they do. After all, how much harm could a little currency converter app really do? 

Yet it’s precisely this harmless appearance that enables malware to fly under the radar. They want to be useful enough to encourage plenty of downloads, but not popular enough to make headlines. Cybercriminals also bet on people forgetting the app on their device or leaving it installed because it’s occasionally useful.

What’s the solution, then?

It Takes Two to Protect Personal Devices

While Google might be doing its best to improve app security measures for Android users, it isn’t enough. Android users should also take extra care to protect their devices by exercising caution and due diligence. Here are a few things to help prevent a possible malware infection:

• Carefully vet an app before downloading it. Look at reviews, the number of downloads, and the company that owns the app.
• Avoid installing unnecessary apps you don’t actually need and won’t use regularly.
• Uninstall old apps you haven’t used in the last three months.
• Use a VPN to secure your connection and add another layer of security on your device. Stick to a reputable VPN like CyberGhost – we won’t log any of your personal data.
• Download apps from reputable stores. Even though malware can make it onto the Play Store, it’s generally a safer bet than third-party apps and sideloading.
• Use Google Play Protect to monitor your apps for harmful behavior.
• Check your phone for any new apps you don’t recall installing and strange behavior.

Clicker malware is a type of adware, but it isn’t the only malware you face whenever you go online or download an app on your phone, and some are much more dangerous. 

Cybercriminals regularly target Android users with spyware and keyloggers to gather extremely sensitive information they can use to steal your account login information, identity, or banking details.

Malware will continue to spread, so it’s up to you to protect your devices as much as you can using good habits and solid security practices.
