Millions of Android devices infected by apps with push malware

Researchers have discovered another batch of seemingly innocent apps that are actually designed to push onto the endpoints, and rake up expenses to the unsuspecting victims.

The latest batch included wallpaper apps, keyboards, photo editors, video editors, and an occasional cache cleaner or system maintenance apps, was discovered by the Dr. Web antivirus (opens in new tab) team, and have more than 10 million downloads between them.

Overall, 28 apps were found on the Google Play Store, having somehow managed to bypass Google play security policies.

apps hacked

As for the damages, the practice is more or less the same. Once installed, most apps will try to hide, changing their appearance in the app drawer to that of a system app. That way, they hope the users would be discouraged from uninstalling them. Then, the apps would push ads, and try to sign up the victim to various premium services, to rake up additional expenses.

None of this would have been possible if users wouldn’t give the apps the necessary permissions. Even though the apps are simple in design (and actually do what they’re advertised to do), they often ask the users for advanced permissions, such as the permission to be excluded from the battery saver feature, so that they can remain operational in the background even when terminated by the user Industryflag.

Most of the apps have already been removed from the Play Store, but three remain. Still, even if all of the apps were removed, they have still been downloaded millions of times, and until all victims remove them from their , they’ll continue to be a threat.

With malicious apps getting good at hiding in plain sight, downloading exclusively from known sources is no longer the only advice. Users should also read through the reviews, as they are a good indicator of the apps’ legitimacy. Also, make sure to check there are plenty of reviews, as threat actors can sometimes spoof some of them. If an app only has a handful of reviews, it’s best to stay away.

Here is the full list of malicious apps discovered by the researchers:

  1. Photo Editor: Beauty Filter (gb.artfilter.tenvarnist)
  2. Photo Editor: Retouch & Cutout (de.nineergysh.quickarttwo)
  3. Photo Editor: Art Filters (gb.painnt.moonlightingnine)
  4. Photo Editor Industry(gb.twentynine.redaktoridea)
  5. Photo Editor & Background Eraser (de.photoground.twentysixshot)
  6. Photo & Exif Editor (de.xnano.photoexifeditornine)
  7. Photo Editor Industry(de.hitopgop.sixtyeightgx)
  8. Photo Filters & Effects (de.sixtyonecollice.cameraroll)
  9. Photo Editor : Blur Image (de.instgang.fiftyggfife)
  10. Photo Editor : Cut, Paste (de.fiftyninecamera.rollredactor)
  11. Emoji Keyboard: Stickers & GIF (gb.crazykey.sevenboard)
  12. Neon Theme Keyboard (
  13. Neon Theme Industry(
  14. Cashe Cleaner (
  15. Fancy Charging (
  16. FastCleaner: Cashe Cleaner (
  17. Call Skins Industry(
  18. Funny Caller (
  19. CallMe Phone Themes (
  20. InCall: Contact Background (
  21. MyCall Industry(
  22. Caller Theme (com.caller.theme.slow)
  23. Caller Theme (com.callertheme.firstref)
  24. Funny Wallpapers Industry(
  25. 4K Wallpapers Auto Changer (de.andromo.ssfiftylivesixcc)
  26. NewScrean: 4D Wallpapers (
  27. Stock Wallpapers & Backgrounds (de.stockeighty.onewallpapers)
  28. Notes Industry( (opens in new tab)
You might also like

Comments are closed.