McAfee finds 16 malicious apps downloaded 20 million times on Play Store

  • McAfee found 16 apps that have 20 million downloads combined hiding malware.
  • The Clicker malware as it is dubbed secretly serves advertising to a user.
  • Google says Play Protect blocks these apps for users but fails to explain how they were downloaded 20 million times.

Google may want to check whether its Google Play Store protections are working as intended as this week McAfee revealed an alarming discovery.

The cybersecurity firm discovered 16 applications that were on the Google Play Store that contained so-called Clicker malware. The fact that these malicious apps made it on Google’s digital storefront at all is cause for concern.

Clicker malware, according to McAfee is adware which essentially allows ne’er-do-wells to profit off of users without their knowledge.

“Clicker malware targets illicit advertising revenue and can disrupt the mobile advertising ecosystem. Malicious behaviour is cleverly hidden from detection. Malicious actions such as retrieving crawl URL information via FCM messages start in the background after a certain period of time and are not visible to the user,” the firm explained in a blog post.

The reference to FCM there is to Firebase Cloud Messaging which allows the application to receive messages.

The apps in question are all rather innocuous. The most popular app that was downloaded claimed to be a camera application and was downloaded 10 million times.

Perhaps the most curious apps that were used to spread Clicker malware were Flashlight apps. We find this odd as the flashlight toggle for Android smartphones is one swipe away and it should come preinstalled on the smartphone.

All 16 of these apps have been removed from the Play Store according to McAfee. A Google spokesperson tells Ars Technica that, “Users are also protected by Google Play Protect, which blocks these apps on Android devices.”

However, the fact that these apps garnered a total of 20 million collective downloads may point to the fact that Google needs to rethink its Play Protect service as something clearly isn’t working properly.

It’s things like this that highlight the need to install a security solution on your smartphone. While Google Play Protect does work, for the most part, additional software can help stop the threats that slip between the cracks.


About Author


Related News