“Clicker” Malware found in Android Apps were Downloaded over 20 Million Times
16 Apps with malicious intent were removed from the Google Play Store after they were caught committing mobile ad fraud. Before being taken down, the apps calculated over 20 Million cumulative downloads.
The malicious malware known as “Clicker” malware, disguised itself as seemingly harmless utilities like cameras, currency converters, QR code readers and more.
The list of malicious apps that were removed from the play store include:
High-Speed Camera (com.hantor.CozyCamera) - 10,000,000+ downloads
Smart Task Manager (com.james.SmartTaskManager) - 5,000,000+ downloads
Flashlight+ (kr.caramel.flash_plus) - 1,000,000+ downloads
달력메모장 (com.smh.memocalendar) - 1,000,000+ downloads
K-Dictionary (com.joysoft.wordBook) - 1,000,000+ downloads
BusanBus (com.kmshack.BusanBus) - 1,000,000+ downloads
Flashlight+ (com.candlencom.candleprotest) - 500,000+ downloads
Quick Note (com.movinapp.quicknote) - 500,000+ downloads
Currency Converter (com.smartwho.SmartCurrencyConverter) - 500,000+ downloads
Joycode (com.joysoft.barcode) - 100,000+ downloads
EzDica (com.joysoft.ezdica) - 100,000+ downloads
Instagram Profile Downloader (com.schedulezero.instapp) - 100,000+ downloads
Ez Notes (com.meek.tingboard) - 100,000+ downloads
손전등 (com.candlencom.flashlite) - 1,000+ downloads
계산기 (com.doubleline.calcul) - 100+ downloads
Flashlight+ (com.dev.imagevault) - 100+ downloads
Once the Clicker malware is installed and launched, it begins to covertly visit bogus websites to simulate ad clicks without the victims’ knowledge.
“This may cause heavy network traffic and consume power without user awareness during the time it generates profit for the threat actor behind this malware,” according to SangRyol Ryu, a McAfee researcher.
To conceal itself, Clicker will not start operating within the first hour of installation. To stay under the radar, it will also work on a randomized delay.
The discovery of these malicious apps comes two months after McAfee discovered a dozen Android adware apps on the Google Play Store that had a strain of malware called HiddenAds, which also operated without any user interaction.
“Clicker malware targets illicit advertising revenue and can disrupt the mobile advertising ecosystem,” Ryu said. “Malicious behavior is cleverly hidden from detection.”
Story via The Hacker News