Battery-draining Android apps with 20 million downloads pulled from the Google Play Store

Cybersecurity researchers at McAfee identity apps which infect users with malware for adware fraud - users are urged to uninstall them as soon as possible.
Written by Danny Palmer, Senior Writer

A woman looking thoughtful while looking at her smartphone.

Image: Getty/Guido Mieth

Sixteen Android apps downloaded by a combined total of over 20 million users have been removed from the Google Play store after it was discovered they contained malware which uses up data and drains batteries.  

The malware has been discovered by cybersecurity researchers at McAfee who reported them to Google. The apps are no longer available on Google Play – but users who've already downloaded the apps will still be infected unless they uninstall them. 

The apps are designed to look like utilities including flashlights, QR code readers, camera enhancers, unit converters, task managers and more.  

The apps contained clicker malware - malware which secretly runs in the background and clicks on illicit advertising links to generate ad revenue. 

While clicker malware might not be as dangerous to users as malware which steals passwords or bank details, it still causes disruption by draining the battery or using up mobile data. The latter could cost victims money if it takes them over their data allowance and they're charged for it. 

Also: How to keep your bank details and finances more secure online

Some of the apps which have been identified as delivering clicker malware include apps called currency converter, image vault, camera and more. The full list including package names has been detailed by the McAfee mobile research team.  

Some of the applications have been individually downloaded by millions of Android users. 

For example, one app installed by over 5 million users claimed to enable them to find apps which eat a lot of data, although of course the malware inside the app was exactly the sort of thing that would uses up data. 

To avoid being detected, the malware delays initially starting the malicious activity for at least an hour and after that it detects whether the user is actively using their device or not, so the malicious activity doesn't take place when the device is being looked at. 

It's recommended that users who've installed apps listed as containing clicker malware uninstall them as quickly as possible.

"Once you remove this and other malicious applications, you can expect an extended battery time and you will notice reduced mobile data usage while ensuring that your sensitive and personal data is protected from this and other types of threats," said McAfee's SangRyol Ryu. 

A Google spokesperson confirmed that the malicious applications are no longer available on Google Play.


Editorial standards