Google has acted on 22 malware apps by removing them from the Google Play Store. The apps were found to contain a device-draining backdoor that allowed them to secretly download files from a remote server. The apps were being used to virtually ‘click’ on online ads and generate revenues for the attackers. The removal of the apps was reported on by ArsTechnica, which received the information from security researchers from Sophos who discovered the malicious nature of the apps.
What is further alarming about the situation is that the apps have been downloaded on over two million instances, suggesting that a large number of users were targeted by the malware. The apps would forcibly run the click program to collect ad bounties even when the users force-closed the apps. A single app – Sparkle Flashlight – was responsible for over one million downloads alone, and was listed much earlier than the other apps. The update for the malware was added earlier this year on all of the apps.
The ad-clicker malware was responsible for massive battery drain on users’ smartphones, as well as increased data usage as a result of constantly sending and receiving data from the server. The larger scope of harm is being done to the advertising ecosystem, which fell victim to the millions of fraudulent clicks and subsequent ad payment requests.
WATCH: OnePlus 6T Thunder Purple Hands On
While the apps have been removed from the Google Play Store, users who still have these apps installed on their devices won’t be free of them until they have been removed. De-listing from the Google Play Store ensures that the spread of the malware is contained for now, and advertisers will, on their end, prevent more fraudulent bounty requests.