Android apps with 1.5 million downloads discovered as ad-clicking malware in disguise

Technology is evolving every passing second, a new technology comes and replaces the other. Users adapt according to the changes to bring more comfort in their lives.

Different tech-related companies work on developing a variety of apps to help users with their daily tasks and to make it easy for them with just a single tap on the screen. Although the new technology no doubt helps users in a variety of ways but along with that it also increased the risk of threats to user privacy and safety. Hackers also evolve along with the evolving technology and use new strategies to access user’s data to generate revenue without the authorization from the user.

Malicious apps discovered by Android Security

Recently, Android security discovered two apps in the Google Play Store operating as regular apps but behind that working to generate revenue through ads.

These two Android apps have more than 1.5 million downloads in the Google Play Store and have managed to operate under the radar for more than a year.

These fake apps used a new trick to keep the apps under the radar and secretly work to generate revenue by clicking on ads without authorization from smartphone users.

The researchers from Security Company named Symantec discovered this abnormal behavior of the apps who were in the Play Store for almost 12 months before being discovered. When Symantec reported regarding the behavior of these Android apps to Google, the platform quickly responded with the removal of these apps from the Play Store.

Detailed insight into these apps

The tow apps found included one notepad app named ‘Idea Note: OCR Text Scanner, GTD, Color Notes’ and a fitness app called ‘Beauty Fitness: daily workout, best HIIT coach’. These two apps were packed with authenticated packers specifically developed to secure the data of Android applications. The packers used by these apps can also modify the flow of an Android Package Kit which makes it really difficult for researchers to understand the workings of these apps in detail.

These apps use a unique strategy to display and click on ads while keeping it hidden from the device’s viewable screen area. This means that users were not able to see whatever was happening behind these apps. This strategy makes it easy for the app creators to allow advertisements and any other malicious or harmful content to be displayed freely behind the screen without users’ knowledge. The apps after displaying the ads can create automated ad-clicking to generate revenue. Due to the usage of the app to generate revenue behind the screen, users can find their battery drainage more as compared in the past, users with these apps installed will notice their device slowing down or running out of storage due to access to various ad websites by these apps.


The use of Android packers and the unique strategies to hide advertisements makes these apps more complex for security researchers to detect any false activity. If you have these apps already installed, it’s best to manually uninstall these apps from your devices as soon as possible.

According to report, the viruses and malicious attacks from apps containing malware in the Google Play Store grew to 100 percent since last year. According to Google, the reason why the malicious apps grew more in Play Store might be its definition of potentially harmful apps which now also includes click-frauds apps in the category as well.

To stay safe, always try to read reviews and feedback before downloading any app from the Google Play Store.



Read next: Trojan-Dropper discovered in Google Play Store with 100 million+ downloads
Previous Post Next Post