Google Play has removed 16 apps from its app store after the McAfee Mobile Research Team alerted the company to Clicker malware associated with the apps, affecting 20 million people who installed the apps.
The apps have already been removed from Google Play's app offerings.
Like so many mobile malware schemes, the apps profess to be helpful to users, providing a handy tool or time-saving utility. But they are simply pushing ads in the background that crawl and collect illegal advertising revenue.
Utility applications such as Flashlight (Torch), QR readers, Camera, unit converters, and task managers were among app categories affected. Here's the full list of apps affected and since removed:
- BusanBus (com.kmshack.BusanBus)
- Currency Converter (com.smartwho.SmartCurrencyConverter)
- EzDica (com.joysoft.ezdica)
- Ez Notes (com.meek.tingboard)
- Flashlight+ (com.candlencom.candleprotest)
- Flashlight+ (kr.caramel.flash_plus)
- Flashlight+ (com.dev.imagevault)
- High-Speed Camera (com.hantor.CozyCamera)
- Instagram Profile Downloader (com.schedulezero.instapp)
- Joycode (com.joysoft.barcode)
- K-Dictionary (com.joysoft.wordBook)
- Quick Note (com.movinapp.quicknote)
- Smart Task Manager (com.james.SmartTaskManager)
- 손전등 (com.candlencom.flashlite)
- 계산기 (com.doubleline.calcul)
- 달력메모장 (com.smh.memocalendar)
According to the McAfee news item: "Clicker malware targets illicit advertising revenue and can disrupt the mobile advertising ecosystem. Malicious behavior is cleverly hidden from detection. Malicious actions such as retrieving crawl URL information via FCM messages start in the background after a certain period of time and are not visible to the user."