Google removed 22 apps from the Google Play Store that showed malicious behavior. These apps collectively were downloaded two million times, reports Ars Technica. The set also includes flashlight app, Sparkle Flashlight that was downloaded over a million times since it was made available on the Play Store almost a year ago.
As per a blog post by antivirus provider Sophos, 19 apps, which were made available from June this year, included from the beginning a “device-draining backdoor” that enabled them to download files from a server controlled by an attacker, without the user’s knowledge. However, Sparkle Flashlight and two other apps were updated in March 2018 to add the backdoor.
Google is said to remove all 22 malicious apps from the Play Store during the week of November 25. “Andr/Clickr-ad is a well-organized, persistent malware that has the potential to cause serious harm to end users, as well as the entire Android ecosystem,” the blog post reads.
The malicious apps apparently clicked on fraudulent ads without the user’s consent and were active even after they were force-closed, which caused the apps to “drain the phone’s battery and cause data overages”. “Furthermore, the devices are fully controlled by the C2 server and can potentially install any malicious modules upon the instructions of the server,” as per the post.
Google said in a statement last week that it takes “deceptive and malicious behaviour” on the platform seriously, and if an app violates it, then they take action. The statement was issued as the search giant removed Kika Keyboard and CM File Manager apps from China’s Cheetah Mobile, from Play Store over malicious and deceptive behaviour. This was reported by BuzzFeed.
Last month, Google removed 13 apps from the Play Store after a ESET security researcher Lukas Stefanko pointed out they were installing malware on devices. The apps all together have reportedly been downloaded on over 5,60,000 Android devices.