Tech giant Google has removed 22 apps from its Play Store for showing malicious behaviour. According to Ars Technica, these apps were downloaded two million times. The 22 apps included Sparkle Flashlight, a flashlight app that was downloaded close to a million times after it was made available on the Play Store a year ago.
According to Sophos, as many as 19 apps had been available since June. These apps included a “device-draining backdoor” from the beginning, which let them download files from an attacker-controlled server without the user's knowledge. Sparkle Flashlight and other apps were updated in March 2018 to add the backdoor.
All 22 malicious apps were removed from Google's Play Store in the last few days of November. “Andr/Clickr-ad is a well-organized, persistent malware that has the potential to cause serious harm to end users, as well as the entire Android ecosystem,” the Sophos blog post read.
These apps, which apparently clicked on fraudulent ads without the user's knowledge, remained active even after being force-closed. This caused the apps to “drain the phone’s battery and cause data overages”. “Furthermore, the devices are fully controlled by the C2 server and can potentially install any malicious modules upon the instructions of the server,” the post read further.
In a statement last week, Google said it takes “deceptive and malicious behaviour” on the platform very seriously. The statement was released after Google removed CM File Manager and Kika Keyboard apps from Cheetah Mobile and Play Store for deceptive behaviour.