McAffe announced yesterday 16 malicious Android apps that have a total of over 20 million downloads. They have already been removed from the Google Play Store after they were found to be committing ad fraud through Clicker
According to McAffe, in Android mobile utilities such as camera, currency/unit converters, QR code readers, note-taking apps, dictionaries and other theoretically harmless apps, there is Clicker malware in disguise.
The list of offending apps is as follows:
- High-Speed Camera (com.hantor.CozyCamera) – 10.000.000+ downloads
- Smart Task Manager (com.james.SmartTaskManager) – 5.000.000+ downloads
- Flashlight+ (kr.caramel.flash_plus) – 1.000.000+ downloads
- 달력메모장 (com.smh.memocalendar) – 1.000.000+ downloads
- K-Dictionary (com.joysoft.wordBook) – 1.000.000+ downloads
- BusanBus (com.kmshack.BusanBus) – 1.000.000+ downloads
- Flashlight+ (com.candlecom.candleprotest) – 500.000+ downloads
- Quick Note (com.movinapp.quicknote) – 500.000+ downloads
- Currency Converter (com.smartwho.SmartCurrencyConverter) – 500.000+ downloads
- Joycode (com.joysoft.barcode) – 100.000+ downloads
- EzDica (com.joysoft.ezdica) – 100.000+ downloads
- Instagram Profile Downloader (com.schedulezero.instapp) – 100.000+ downloads
- Ez Notes (com.meek.tingboard) – 100.000+ downloads
- 손전등 (com.candlencom.flashlite) – 1.000+ downloads
- 공이기 (com.doubleline.calcul) – 100+ downloads
- Flashlight+ (com.dev.imagevault) – 100+ downloads
We don't imagine that you have downloaded the Japanese apps, but all the others there is a good chance that you are using them, as they have a lot of downloads in total.
Clicker malware, once installed and launched, secretly visits fake websites and simulates clicking on ads without victims knowing.
"This can cause a lot of network traffic and consume energy without the user's awareness, and at the same time creates a profit for the one managing the threat actor," said McAfee researcher SangRyol Ryu.
To further hide its true motive, the app does not activate immediately after installation. She waits for some time so that they do not suspect her.
"The 'Clicker' malware targets illegal advertising revenue and may disrupt the mobile advertising ecosystem," Ryu said.