Yet another assemblage of malicious apps is plaguing Android devices everywhere, which means its time to make sure you haven’t unknowingly downloaded one of them—but this batch is a bit different from the usual crop.
According to a recent McAfee blog post, the researchers at the cyber security firm discovered a malicious ad “clicker” hidden in at least 16 apps pretending to be useful software, from QR code scanners, to travel tools, and more. While not as dangerous as other forms of malware, these apps can be a resource hog, slowing down your phone’s hardware performance and draining battery life in persuit of maximizing ad revenue.
What do they do?
The full list of apps includes thirteen listings with English titles:
- BusanBus (com.kmshack.BusanBus)
- Currency Converter (com.smartwho.SmartCurrencyConverter)
- EzDica (com.joysoft.ezdica)
- EzNotes (com.meek.tingboard)
- Flashlight+ (com.candlencom.candleprotest)
- Flashlight+ (com.dev.imagevault)
- Flashlight+ (kr.caramel.flash_plus)
- High-Speed Camera (com.hantor.CozyCamera)
- Instagram Profile Downloader (com.schedulezero.instapp)
- Joycode (com.joysoft.barcode)
- K-Dictionary (com.joysoft.wordBook)
- Quick Note (com.movinapp.quicknote)
- Smart Task Manager (com.james.SmartTaskManager)
Three apps with Korean titles were also part of McAfee’s roundup.
Unlike other malware, which seeks to steal your data or defraud your bank account, the clicker McAfee found uses your Android device’s resources to “crawl” ads whenever the offending apps are open in the background. Basically, the app is idly clicking on advertisements without you knowing it. Doing so earns the app makers ad revenue at the expense of your phone’s performance and battery life.
What should you do about these apps?
Check to make sure you haven’t installed any of the apps listed above. If you have, delete them right away. Google has removed them from the Play Store, but they more still be active on some phones, especially if you side-loaded them or installed them using a third-party app store. No other steps need to be taken to keep your devices or data safe. Once they’re removed, the hardware issues should stop.
That said, even though adware like this is relatively benign compared to more serious forms of malicious software like spyware or ransomware, you should still take steps to prevent your devices from infection. The best practices for keeping adware off your device are the same as any other form of malware: only download apps from trusted publishers and official app stores, thoroughly vet any software before downloading, and pay attention to the permissions an app asks for.
In this case, there were some telltale signs the apps were either fake and/or malware—specifically their functionality. A good litmus test for whether an app is a possible scam is if it promises features that are too good to be true (such as an “Instagram Profile Downloader”), or redundant (like the numerous “Flashlite+” apps listed above). All Android devices already have a built-in flashlight, camera, and note-taking apps. Your stock camera app works as a QR code scanner, too. Similarly, Google Translate is an effective and ubiquitous translation tool and dictionary, and Google Search works as a dictionary and can crunch any currency conversion equations instantaneously. You don’t need to download apps that perform those functions.