With more than 20 million installs, Google Play has become a hotbed of malvertising programs

McAfee security researchers found that there were 16 maliciously clicked apps in the official Google Play store with more than 20 million installs. One of the apps, DxClean, has been installed more than 5 million times and has a funny 4.1 out of 5 user rating.

This type of adware disguised as an application often appears as loading ads and clicking on them in invisible frames or in the background, generating revenue for the attackers behind it.

Recently, the McAfee Mobile Research Group discovered new Clicker malware that sneaked into Google Play. McAfee published the report saying: “In total, 16 applications previously on Google Play were proven to have malicious payloads, with approximately 20 million installs.”

Attackers hide malicious click code in more useful applications such as Torch, QR readers, Camara, unit converters, and task managers.

Malicious clickers are propagated through FCM messages (Firebase Cloud Messaging), and when an application receives an FCM message that meets certain criteria, the function is launched in the background. FCM messages include a variety of information, such as the function to call and the parameters to pass. ”

Typically, these features instruct the device to visit a website in the background while mimicking the user’s behavior. This can consume a lot of network traffic and power, while generating profits for the attackers by clicking on ads without the user’s knowledge.

The experts identified two pieces of code in these clicker apps, one is “” library which is usedto automate clicking functionality, the second one is “com.liveposting” library that’s acts as an agent and runs hidden adware services.

Security firms currently share all 16 Clicker apps reported by McAfee experts and have been removed from Google Play. “The Clicker malware targets illegal advertising revenue and can disrupt the mobile advertising ecosystem. Malicious behavior is cleverly hidden and difficult for users to detect. ”

Finally, security experts recommend installing and activating a security software so that users are notified of any mobile security threats present on their devices. Timely removal of these malicious applications can not only extend battery life, but also greatly reduce traffic consumption and protect users’ personal information and data security.