It's not a good time to be an Android user who frequents the Google Play Store for apps. Just over the last few weeks, malware-laden apps that had been downloaded over half a million times were found on the Play Store. Apps from Cheetah Mobile were also found to be committing click fraud and running down the batteries inside user devices. Reports are now surfacing that Google has now pulled another batch of 22 apps from the Google Play Store that had been downloaded over 2 million times cumulatively.
The newest apps discovered to be malicious had a so-called "device-draining backdoor" that allowed them to download files from a server controlled by the attacker. The most disturbing part is that the Sophos report detailing the malicious apps notes that an app called Sparkle Flashlight, and two other apps were updated to include the secret downloader towards the start of 2018. That seemingly means the apps were fine initially and were later updated with malicious code. The other apps in the group had the malicious downloader installed from the start.
The purpose of these malicious apps was similar to the malicious apps from Cheetah Mobile in that they were all designed to click on ads fraudulently. Sophos called the family of 22 apps "Andr/
The reason that the fraudsters disguised the clicks is thought to be that iPhone clicks paid higher prices than those from Android devices. iPhone users are believed to be a more lucrative demographic for advertisers. Yet again these apps weren't pulled until a major report was published that outlined their nefarious activities, but Google did act quickly once it was told of the nefarious apps.