Google deletes 22 malicious apps from Play Store that were installed over 2 million times: Report

By Digit NewsDesk | Published on Dec 08 2018
Google deletes 22 malicious apps from Play Store that were installed over 2 million times: Report

According to a report, these apps contained a device-draining backdoor that allowed them to surreptitiously download files from an attacker-controlled server. They were removed in the last week of November.

Make your home smarter than the average home

Make your life smarter, simpler, and more convenient with IoT enabled TVs, speakers, fans, bulbs, locks and more.

Click here to know more

Google has removed 22 apps from Play Store after they were found to be containing device-draining backdoors that allowed them to secretly download files from an attacker-controlled server, ArsTechnica reported. These apps have cumulatively been download for over 2 million times. The list includes Sparkle Flashlight, an app that was downloaded for more than 1 million times since it entered Google Play sometime in 2016 or 2017, cybersecurity company Sophos said in a blog post.

The firm claimed that Sparkle Flashlight and two other apps were updated to add the secret downloader in March this year. The remaining apps became available after June and contained the downloader from the start itself. Sophos says that these apps were being used to click on fraudulent ads and ran even after being force-closed causing high battery drain and consumption of huge amount of data. Google removed these apps in the last week of November.

“Andr/Clickr-ad is a well-organized, persistent malware that has the potential to cause serious harm to end users, as well as the entire Android ecosystem. These apps generate fraudulent requests that cost ad networks significant revenue as a result of the fake clicks. From the user's perspective, these apps drain their phone's battery and may cause data overages as the apps are constantly running and communicating with servers in the background. Furthermore, the devices are fully controlled by the C2 server and can potentially install any malicious modules upon the instructions of the server,” Sopos said in the blogpost.

Here is the list of 22 apps that were removed by Google Play Store:

1) Sparkle FlashLight

2) Snake Attack

3) Math Solver

4) ShapeSorter

5) Tak A Trip

6) Magnifeye

7) Join Up

8) Zombie Killer

9) Space Rocket

10) Neon Pong

11) Just Flashlight

12) Table Soccer

13) Cliff Diver

14) Box Stack

15) Jelly Slice

16) AK Blackjack

17) Color Tiles

18) Animal Match

19) Roulette Mania

20) HexaFall

21) HexaBlocks

22) PairZap

Recently, Google removed 13 apps from Play Store because they were actually malwares that were disguised as apps. An ESET security Researcher Lukas Stefanko tweeted about these apps, demonstrating how they were fake and would hide their app icons on a device after being downloaded and installed. These apps were said to download another APK in the background called ‘Game Center’ and asked the user to install it. Once installed, this app too hides in the background and displays ads when the device is unlocked.


DIGIT INTERVIEWS   Larry Clinton Cyber Security Expert
Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.