Google has removed 22 apps from the Play Store after they were found to contain device-draining backdoors that allowed them to secretly download files from an attacker-controlled server, Ars Technica reported. These apps have cumulatively been downloaded more than 2 million times. The list includes Sparkle Flashlight, an app that was downloaded more than 1 million times since it entered Google Play sometime in 2016 or 2017, cybersecurity company Sophos said in a blog post.
The firm claimed that Sparkle Flashlight and two other apps were updated to add the secret downloader in March this year. The remaining apps became available after June and contained the downloader from the start. Sophos says that these apps were being used to click on fraudulent ads and kept running even after being force-closed, causing high battery drain and heavy data consumption. Google removed these apps in the last week of November.
“Andr/Clickr-ad is a well-organized, persistent malware that has the potential to cause serious harm to end users, as well as the entire Android ecosystem. These apps generate fraudulent requests that cost ad networks significant revenue as a result of the fake clicks. From the user's perspective, these apps drain their phone's battery and may cause data overages as the apps are constantly running and communicating with servers in the background. Furthermore, the devices are fully controlled by the C2 server and can potentially install any malicious modules upon the instructions of the server,” Sophos said in the blog post.
Here is the list of the 22 apps that Google removed from the Play Store:
1) Sparkle FlashLight
2) Snake Attack
3) Math Solver
4) ShapeSorter
5) Tak A Trip
6) Magnifeye
7) Join Up
8) Zombie Killer
9) Space Rocket
10) Neon Pong
11) Just Flashlight
12) Table Soccer
13) Cliff Diver
14) Box Stack
15) Jelly Slice
16) AK Blackjack
17) Color Tiles
18) Animal Match
19) Roulette Mania
20) HexaFall
21) HexaBlocks
22) PairZap
Recently, Google removed 13 apps from the Play Store because they were actually malware disguised as apps. ESET security researcher Lukas Stefanko tweeted about these apps, demonstrating how they were fake and would hide their app icons on a device after being downloaded and installed. These apps were said to download another APK called ‘Game Center’ in the background and ask the user to install it. Once installed, this app also hides in the background and displays ads when the device is unlocked.