These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times

As many as 16 malicious apps with over 20 million cumulative downloads have been taken down from the Google Play Store after they were caught committing mobile ad fraud.

The Clicker malware masqueraded as seemingly harmless utilities like cameras, currency/unit converters, QR code readers, note-taking apps, and dictionaries, among others, in a bid to trick users into downloading them, cybersecurity firm McAfee said.

The list of offending apps is as follows -

High-Speed Camera (com.hantor.CozyCamera) - 10,000,000+ downloads Smart Task Manager (com.james.SmartTaskManager) - 5,000,000+ downloads Flashlight+ (kr.caramel.flash_plus) - 1,000,000+ downloads 달력메모장 (com.smh.memocalendar) - 1,000,000+ downloads K-Dictionary (com.joysoft.wordBook) - 1,000,000+ downloads BusanBus (com.kmshack.BusanBus) - 1,000,000+ downloads Flashlight+ (com.candlencom.candleprotest) - 500,000+ downloads Quick Note (com.movinapp.quicknote) - 500,000+ downloads Currency Converter (com.smartwho.SmartCurrencyConverter) - 500,000+ downloads Joycode (com.joysoft.barcode) - 100,000+ downloads EzDica (com.joysoft.ezdica) - 100,000+ downloads Instagram Profile Downloader (com.schedulezero.instapp) - 100,000+ downloads Ez Notes (com.meek.tingboard) - 100,000+ downloads 손전등 (com.candlencom.flashlite) - 1,000+ downloads 계산기 (com.doubleline.calcul) - 100+ downloads Flashlight+ (com.dev.imagevault) - 100+ downloads

The Clicker app, once installed and launched, unleashes its fraudulent functionality that enables the malware to covertly visit bogus websites and simulate ad clicks without the victims' knowledge.

"This may cause heavy network traffic and consume power without user awareness during the time it generates profit for the threat actor behind this malware," McAfee researcher SangRyol Ryu said.

To further conceal its true motive, the app takes into account the app's installation time such that the suspicious activity doesn't kick in within the first one hour of downloading the app. It also incorporates a randomized delay in between to stay under the radar.

The findings arrive two months after McAfee discovered a dozen Android adware apps distributed on the Google Play Store, which harbored a malware strain called HiddenAds that were found to execute automatically without any user interaction.

"Clicker malware targets illicit advertising revenue and can disrupt the mobile advertising ecosystem," Ryu said. "Malicious behavior is cleverly hidden from detection."

Found this article interesting? Follow THN on Facebook, Twitter  and LinkedIn to read more exclusive content we post.