Computer security software company McAfee recently issued a warning to more than 20 million Android users who may fall victim to malicious hidden files discovered in several apps. This malware is said to be a clicker, exposing users to a wide range of risks.
Beware: Clicker Malware
Based on a report from News.com.au, the cited apps are said to drain mobile devices' batteries at an alarming rate. Eventually, it can affect hardware by slowing down the device's performance.
In a blog post, the security software company stated that cybercriminals are now developing malicious software to present helpful mobile phone tools before wreaking havoc on the device's system. This mobile malware operates in the background and is designed to assist criminals in generating illegal advertising revenue.
McAfee researchers have discovered a new clicker malware that infiltrated Google Play. With an estimated 20 million installations, a total of 16 previously available applications on Google Play have been reported to contain a malicious payload.
"McAfee security researchers notified Google and all of the identified apps are no longer available on Google Play," the company said in the blog post.
McAfee stated in a separate post that malware authors create advertising pages on Facebook to promote these apps to new users. Users will undoubtedly download it because it is a link to Google Play distributed via credible social media.
How Clickers Work
McAfee experts stated that the malicious code was embedded in utility apps such as QR Readers, Cameras, Unit Converters, and even the Flashlight function app. The malicious payload was also discovered on other critical apps, such as task managers.
According to McAfee, the malware begins to operate when users open the infected apps. The malware then executes an HTTP request to download its remote configuration. After downloading the configuration, it registers the FCM (Firebase Cloud Messaging) listener to receive push messages.
Users must exercise extreme caution because these applications can appear to look like genuine Android software. These apps contain ad fraud features that exploit mobile devices in a variety of ways.
The security software maker reassured the public that the problem had already been resolved and disclosed that McAfee security researchers had already notified Google, who had removed all of the identified apps from Google Play. Google Play Protect features also protect users by disabling these apps on Android.
To help users spot these dangerous apps, here is a list of the impacted apps disclosed by McAfee:
- BusanBus (com.kmshack. BusanBus)
- Currency Converter (com.smartwho. SmartCurrencyConverter)
- EzDica (com.joysoft.ezdica)
- EzNotes (com.meek.tingboard)
- Flashlight+ (com.candlencom.candleprotest)
- Flashlight+ (com.dev.imagevault)
- Flashlight+ (kr.caramel.flash_plus)
- High-Speed Camera (com.hantor. CozyCamera)
- Instagram Profile Downloader (com.schedulezero.instapp)
- Joycode (com.joysoft.barcode)
- K-Dictionary (com.joysoft.wordBook)
- Quick Note (com.movinapp.quicknote)
- Smart Task Manager (com.james. SmartTaskManager).