KEY POINTS

  • Malicious actors have a new way to generate income from unsuspecting consumers
  • They simply have to wait for users to download and instll their malicious apps
  • These "clicker" apps not only generate revenue for malicious actors but also slow down the device and drain its battery fast

The major reasons why smartphones are easily replaceable these days are their very slow performance and poor battery life. While many consumers are taking care of the battery of their smartphones, there are apps they unknowingly downloaded and installed in their devices that not only slow down their devices but also drain their battery fast.

Fake apps and malicious software are proliferating online these days and most of the time, consumers merrily download them because they appear like useful utilities that can help users in their day-to-day lives. However, these apps do not appear and function as advertised.

American global computer security software company McAfee reported that there are fake apps disguised as utility software that end up enabling users to commit ad fraud, drain the device's battery and slow down its performance.

Unfortunately, according to the report, these fake apps masquerading as calculators or flashlights have been downloaded by Android users over 20 million times from Google's official mobile storefront Play Store. The computer security software company has already reached out to Google and the tech giant immediately removed these apps from the Play Store.

However, they remain harmful to those who have downloaded and installed them on their devices. Also known as Clicker apps, McAfee said apps like "Flashlight (Torch), QR readers, Camara, Unit converters, and Task managers," contain malicious code. As soon as users install and open them on their devices, they execute an HTTP request and download remote configuration.

Following the download of the configuration, the apps register the Firebase Cloud Messaging (FCM) listener, allowing the device to receive push messages. "At first glance, it seems like well-made android software. However, it is hiding ad fraud features behind, armed with remote configuration and FCM techniques," the report revealed.

"When an FCM message receives and meets some condition, the latent function starts working. Mainly, it is visiting websites which are delivered by FCM message and browsing them successively in the background while mimicking user's behavior," the report further said.

Unknown to users, their device is consuming power while generating profit for malicious actors through heavy network traffic. And while these apps do not contain malware that steals users' identities or login credentials, their activities drain the device's battery and eventually slow down its performance.

The Clicker apps reported by the computer security software company include High-Speed Camera, Smart Task Manager, Flashlight, 달력메모장 (Calendar Notepad), K-Dictionary, BusanBus Flashlight+, Quick Note, Currency Converter, Joycode, EzDica, Instagram Profile Downloader, Ez Notes, 손전등 (Flashlight) and 계산기 (Calculator).

If you have one of these apps, immediately uninstall them from your devices.

apps
List of Clicker apps according to McAfee McAfee blog post