Google removed 16 apps with more than 20 million installs from the Play Store after researchers detected malicious activity that could cause the Android devices they run on to drain their batteries faster and use more data than usual.
Security firm McAfee said the apps in question do provide legitimate functions such as flashlight, camera, QR reading and measurement conversion. However, when the apps are opened, they download additional code that makes them commit ad fraud. From then on, infected devices run processes through Google’s Firebase Cloud Messaging platform, such as artificially increasing the number of clicks on ads and opening certain web pages in the background. The firm also shared a screenshot showing a small sample of the additional network requests a device makes while performing the fraud.
All of the malicious apps come with a code library called com.liveposting, which acts as a tool and runs hidden adware services. Other apps also come with an additional library called com.click.cas. To hide the fraudulent behavior of this library, which focuses on auto-click functionality, the apps wait about an hour after installation before running the libraries.
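A check for the two library names above, as an added example that is not from McAfee or the original article: it reads the string table of each classes*.dex in an APK and reports class descriptors under com.liveposting or com.click.cas. The function names and the build_sample_apk helper, which builds constructed test input, are assumptions.

```python
import io
import struct
import zipfile

# Library package names reported in the article, as DEX type-descriptor prefixes.
FLAGGED_PREFIXES = {
    "com.liveposting": "Lcom/liveposting/",
    "com.click.cas": "Lcom/click/cas/",
}

def dex_strings(dex: bytes):
    """Yield each entry of a DEX file's string table."""
    if len(dex) < 0x70 or dex[:4] != b"dex\n":
        return
    count, table_off = struct.unpack_from("<II", dex, 0x38)
    for i in range(count):
        (pos,) = struct.unpack_from("<I", dex, table_off + 4 * i)
        # Skip the ULEB128 length prefix (UTF-16 code-unit count).
        while dex[pos] & 0x80:
            pos += 1
        pos += 1
        end = dex.index(b"\x00", pos)
        yield dex[pos:end].decode("utf-8", errors="replace")

def flagged_libraries(apk_bytes: bytes) -> set:
    """Return the flagged package names whose classes appear in any classes*.dex."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                for s in dex_strings(apk.read(name)):
                    found.update(p for p, pre in FLAGGED_PREFIXES.items() if s.startswith(pre))
    return found

def build_sample_apk(descriptors) -> bytes:
    """Constructed test input: a zip whose classes.dex is only header + strings."""
    items = [bytes([len(d)]) + d.encode() + b"\x00" for d in descriptors]
    header = bytearray(0x70)
    header[:8] = b"dex\n035\x00"
    struct.pack_into("<II", header, 0x38, len(items), 0x70)
    offs, pos = b"", 0x70 + 4 * len(items)
    for item in items:
        offs += struct.pack("<I", pos)
        pos += len(item)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", bytes(header) + offs + b"".join(items))
    return buf.getvalue()
```

A build that renames or obfuscates these packages would not match, so a clean result from this check alone does not clear an app.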
The detected applications are:
A Google spokesperson said in a statement that all apps reported by McAfee have been removed. The representative continued, “Users are also protected by Google Play Protect, which blocks these apps on Android devices.” The spokesperson did not answer a question asking how the applications reached 20 million downloads if they are blocked.