New Wave Of Malicious Android Apps Garnered 20M+ Downloads

Heads up, Android users! Researchers have discovered another bunch of malicious Android apps on the Google Play Store. The apps reportedly attracted over 20 million downloads.

Malicious Android Apps Attracted 20M+ Downloads

Researchers from McAfee have shared details about a recently spotted wave of malicious Android apps on the Play Store.

As elaborated, the researchers found numerous applications with malicious codes on Play Store. These apps posed as different utility apps, such as flashlight, camera apps, unit conversion apps, and QR scanners.

Briefly, these apps executed various activities upon reaching the target devices. First, it runs an HTTP request to download the remote configuration Firebase Cloud Messaging (FCM) listener to enable push messages. In addition, it also exhibits various attributes for different functions that contribute to its ad fraud activities.

The threat actors behind the malicious apps also strived to hide the malicious activities. For example, the app launched the sneaky retrieval of the crawl URL information using FCM messages in the background to avoid user detection.

The researchers have shared the following list of malicious apps (with package names).

  • High-Speed Camera (com.hantor.CozyCamera)
  • Smart Task Manager (com.james.SmartTaskManager)
  • Flashlight+ (kr.caramel.flash_plus)
  • 달력메모장 (com.smh.memocalendar)
  • K-Dictionary (com.joysoft.wordBook)
  • BusanBus (com.kmshack.BusanBus)
  • Flashlight+ (com.candlencom.candleprotest)
  • Quick Note (com.movinapp.quicknote)
  • Currency Converter (com.smartwho.SmartCurrencyConverter)
  • Joycode (com.joysoft.barcode)
  • EzDica (com.joysoft.ezdica)
  • Instagram Profile Downloader (com.schedulezero.instapp)
  • Ez Notes (com.meek.tingboard)
  • 손전등 (com.candlencom.flashlite)
  • 계산기 (com.doubleline.calcul)
  • Flashlight+ (com.dev.imagevault)

Google Removed The Malware-Containing Apps

Following this discovery, McAfee reported the matter to Google officials, who removed the malicious apps from the Play Store. However, deleting apps from there does not remove them from the respective users’ devices. Plus, such infectious apps can always appear online in third-party app stores. Thus, the threat continues unless the users manually remove the apps from their devices.

So, anyone running these apps must immediately uninstall them from the device, followed by a thorough scan with robust antimalware, to eliminate the threat. Moreover, adopting safety practices when downloading apps can also help prevent such threats.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil