Google usually removes malicious apps from the Play Store, and everyone knows this.
This is their digital storefront, so they always make sure to keep things nice and clean and especially free from potentially dangerous apps.
22 apps with 2 million downloads were malicious
However, it turns out that there are 22 apps which managed to escape Google’s radar. These apps had a total of about 2 million downloads on user devices, and they had a malicious backdoor that has been abused in an ad-clicking scheme.
Things started with the Sparkle Flashlight app, which had been on the Google Play Store since 2016 and was updated back in June to include a secret app downloader.
These apps would phone home in order to download the ad-fraud modules, and they would receive new commands every 80 seconds.
Ad fraud of this kind typically involves displaying and clicking on ads in order to generate revenue.
To keep this hidden, the ads were displayed in a virtually non-existent window that was zero pixels high and zero pixels wide.
Users were not able to see the ads, but the apps would quickly drain the battery and use lots of data in the background.
To obfuscate things even further, the ad-fraud modules had devices spoof their user agent strings to avoid detection of the false clicks.
They would then report to ad servers as several different models of iPhones as well as any of the 249 models of Android devices.
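The two network traits described above, polling on a fixed 80-second cadence and one device claiming many phone identities, can be looked for in proxy logs. The following is an added example, not code from the original article or from any vendor: the log format, host names, addresses and thresholds are assumptions, and it assumes each client address maps to a single device.

```python
import statistics
from collections import defaultdict

# Constructed sample proxy log: epoch_seconds, client_ip, host, user_agent (tab separated).
# Hosts, addresses and user-agent strings are made up for this example.
def sample_log():
    uas = [
        "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4 like Mac OS X) Mobile/15F79",
        "Mozilla/5.0 (Linux; Android 8.0.0; SM-G950F) Mobile Safari/537.36",
        "Mozilla/5.0 (Linux; Android 7.1.1; Pixel) Mobile Safari/537.36",
    ]
    lines = []
    # 10.0.0.5 polls a command host about every 80 s and requests ads under rotating identities.
    for i in range(8):
        t = 1000 + i * 80 + (i % 2)  # 1 s of jitter
        lines.append(f"{t}\t10.0.0.5\tc2.example\tokhttp/3.10.0")
        lines.append(f"{t + 5}\t10.0.0.5\tads.example\t{uas[i % 3]}")
    # 10.0.0.9 is ordinary browsing: one identity, irregular timing.
    for t in (1003, 1050, 1300, 1310, 1900):
        lines.append(f"{t}\t10.0.0.9\tnews.example\t{uas[1]}")
    return lines

def find_suspects(lines, period=80, tolerance=5, min_hits=5):
    """Return {client: [reasons]} for fixed-interval polling and mixed-platform user agents."""
    times = defaultdict(list)     # (client, host) -> request timestamps
    platforms = defaultdict(set)  # client -> mobile platforms claimed in the User-Agent
    for line in lines:
        ts, client, host, ua = line.split("\t", 3)
        times[(client, host)].append(int(ts))
        platforms[client].update(p for p in ("iPhone", "Android") if p in ua)
    suspects = defaultdict(list)
    for (client, host), stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        steady = max(gaps) - min(gaps) <= 2 * tolerance
        if steady and abs(statistics.median(gaps) - period) <= tolerance:
            suspects[client].append(f"beacon:{host}")
    for client, seen in platforms.items():
        if len(seen) > 1:  # one device claiming to be both an iPhone and an Android phone
            suspects[client].append("mixed-platform-ua")
    return dict(suspects)

if __name__ == "__main__":
    print(find_suspects(sample_log()))
```

On a network where several devices share one address, the mixed-platform check needs a per-device key such as a DHCP lease or device certificate instead of the client IP.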
The apps were eventually pulled out
The good news is that Google acknowledged the issue and pulled these apps out of its Play Store.
The bad news is that they were able to sit there for so long and were downloaded 2 million times. Being able to get malware to rival some horrible Windows viruses straight from Google Play doesn’t really build too much confidence, does it?