These malicious Android apps have already been downloaded over 20 million times

Ein Mann steht nachts in einer Stadt und kann via Smartphone seine Sport-Highlights online streamen

(Image credit: NordSecurity)

A collection of malicious Android apps have been discovered hiding in the Google Play Store that don't just slow down a victim's device, but also cause high phone bills via annoying malware.

Cybersecurity researchers from McAfee said they found 16 so-called "clicker" apps with currently have more than 20 million downloads.

The apps are mostly advertised as utility solutions: flashlight apps, profile downloaders, system checkers, security apps, dictionaries, currency converters, and similar. In fact, the biggest app from McAfee’s list is DxClean, a “system cleaner and optimizer”, with more than five million installs.

Automated ad clicks

Clicker apps are just as the name would suggest - apps that click things. They work in the device’s background, load ads so that the user doesn’t see them, and then click on them, generating extra revenue for the developers. Depending on the victims’ mobile data plans, these apps could also rake in extra expenses, as well.

Most of the time, though, they will just slow the device down, and drain its battery a bit faster.

The apps are also designed to mimic human behavior, as ad networks became relatively good at stopping bots and do not pay out revenues for automated and bot clicks. Furthermore, they’re also pretty good at hiding from the users, delaying their activities in the first hours after the installation, to make sure users don’t notice any significant drops in performance.

> Smartphone malware is on the rise - here's how to stay safe

> This Android malware could leave your wallet pretty empty

> These are the best firewalls around

While Google says it has now removed all of the apps from its repository, it can’t delete them from the users’ devices - so until users remove the apps themselves, they will remain at risk.

Anyone suspecting their devices hold such apps should experiment by leaving their smartphones idle for a couple of hours. Should it lose too much battery, or show an increase in mobile data consumption, they should remove potential malicious apps before running the experiment again.

The full list of malicious apps can be found on this link.

Check out our list of the best identity theft protection out there

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.