"Malicious Clicker Apps in Google Play Have 20M+ Installs"

McAfee security researchers have discovered 16 malicious clicker apps that were installed more than 20 million times from the official Google Play store. DxClean, one of these apps, has been downloaded over five million times and has a user rating of 4.1 out of 5 stars. Clicker apps are a type of adware that loads ads in the background or in invisible frames, generating revenue for the threat actors behind the campaign. The malicious code was hidden in useful utility applications such as Flashlight (Torch), QR readers, Camera, unit converters, and task managers. When the clicker apps are launched, they download their configuration from a remote server and register a Firebase Cloud Messaging (FCM) listener to receive push notifications. The FCM message contains various information, including the functions to call and the parameters to pass to them. When the app receives an FCM message that meets a certain condition, the associated function begins running in the background. The functions typically instruct the device to visit websites in the background while mimicking the user's behavior. This may result in high network traffic and power consumption, while the attackers profit from ad clicks made without the users' knowledge. This article continues to discuss the researchers' discovery of 16 malicious clicker apps in the official Google Play store that were downloaded by over 20 million users.
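A defender-side heuristic for the behavior described above, as an added example that is not from McAfee's report or the original article: it correlates push deliveries with web requests an app makes while it is in the background. The event format, package names, hosts, and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample telemetry (not from the report):
# (epoch_seconds, package, event, detail)
# "fcm" = push delivered, "http" = outbound request (detail = host),
# "fg"/"bg" = app moved to foreground/background.
EVENTS = [
    (100, "com.example.torch", "bg", ""),
    (160, "com.example.torch", "fcm", ""),
    (162, "com.example.torch", "http", "ads-a.example"),
    (165, "com.example.torch", "http", "ads-b.example"),
    (171, "com.example.torch", "http", "ads-c.example"),
    (200, "com.example.chat", "bg", ""),
    (210, "com.example.chat", "fcm", ""),
    (211, "com.example.chat", "http", "api.chat.example"),
    (300, "com.example.news", "fg", ""),
    (305, "com.example.news", "fcm", ""),
    (306, "com.example.news", "http", "cdn-a.example"),
    (307, "com.example.news", "http", "cdn-b.example"),
    (308, "com.example.news", "http", "cdn-c.example"),
]

WINDOW = 30    # seconds after a push in which requests are attributed to it (assumed)
MIN_HOSTS = 3  # distinct hosts per push treated as suspicious (assumed)

def flag_push_triggered_browsing(events, window=WINDOW, min_hosts=MIN_HOSTS):
    """Return {package: most distinct hosts contacted after one background push}."""
    foreground = {}            # package -> True while the user has the app open
    last_push = {}             # package -> timestamp of the push being tracked
    hosts = defaultdict(set)   # (package, push timestamp) -> hosts contacted
    for ts, pkg, kind, detail in sorted(events):
        if kind in ("fg", "bg"):
            foreground[pkg] = kind == "fg"
            if kind == "fg":
                last_push.pop(pkg, None)  # user opened the app: traffic is theirs
        elif kind == "fcm" and not foreground.get(pkg, False):
            last_push[pkg] = ts           # unknown state is treated as background
        elif kind == "http" and pkg in last_push and ts - last_push[pkg] <= window:
            hosts[(pkg, last_push[pkg])].add(detail)
    flagged = {}
    for (pkg, _), seen in hosts.items():
        if len(seen) >= min_hosts:
            flagged[pkg] = max(flagged.get(pkg, 0), len(seen))
    return flagged

if __name__ == "__main__":
    print(flag_push_triggered_browsing(EVENTS))
```

A legitimate app that fetches one API response after a push stays below the threshold, and requests made while the app is in the foreground are ignored.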

Security Affairs reports "Malicious Clicker Apps in Google Play Have 20M+ Installs"

Submitted by Anonymous on