
These 16 Android Apps Are Visiting Websites Without Your Knowledge, Uninstall Them ASAP
McAfee security researchers have reported 16 apps that engage in pay-per-click fraud without the knowledge of their users. This clicker malware was most often hidden behind a legitimate-looking application such as a flashlight, calendar or currency converter.
McAfee analysts have detected several Android apps that engage in ad fraud, also known as pay-per-click fraud. The cybersecurity company reported the malware to Google, which, as part of its effort to ban misleading and ad-riddled applications, quickly removed the apps from the Store. However, they had time to do damage: according to McAfee, no fewer than twenty million users have already downloaded one of these sixteen malicious applications.
These apps are mostly utilities such as a flashlight, a measurement conversion tool or a QR code reader. Once installed, they download malicious code and then open a website with advertisements in the background. The malware visits these pages and behaves there like an average Internet user: it clicks on the links displayed and earns money for the cybercriminals who own this fake affiliate site.
All 16 Android apps installed a clicker that opened hidden internet pages
Ad fraud is estimated to be the biggest cybercrime in terms of revenue. In 2022, the losses attributable to it amount to $68 billion, or nearly 20% of marketing spending. According to McAfee, the technique used by the hackers relies on a Google service, Firebase Cloud Messaging (FCM), which is used not only to create messaging but also to send notifications to devices. Through FCM, the hackers have found a way to send “hidden” messages that execute commands on the victim’s device: in this case, open a hidden web page and launch a clicker.
Of course, the goal for cybercriminals is to get as many pages visited as possible without being detected. Users who have installed one of these scam apps, but have remained attentive, will probably have noticed that their smartphone battery drains faster than usual and their network connection seems slower. The applications harboring this ad-fraud malware are: SmartTaskManager by James, Flash Plus by Caramel, Memocalendar by Smh, WordBook by Joysoft, BusanBus by kmshack, Candleprotest by candlencom, Quicknote by Movinapp, SmartCurrencyConverter by Smartwho, Barcode by Joysoft, Ezdica by Joysoft, Schedulezero’s Instapp, Meek’s Tingboard, Candlencom’s Flashlite, Doubleline Compute, and Imagevault. Google asserts not only that all these apps have been removed from the Play Store but also that Android smartphone users are protected by Google Play Protect.