Nine fake Android apps from the Play Store have been downloaded 470,000 times masquerading as performance optimization tools. In reality, they had fraudulent access to users’ Google and Facebook accounts. This is what is revealed by Trend Micro, a Japanese company specializing in cybersecurity.
The firm has indeed published a post to report malware targeting Android users from the Play Store. The strategy applied here is quite pernicious. The malware in fact hides in applications with names such as “Speed Clean” or “Super Clean”. In other words, the idea is to pretend to be a tool capable of optimizing the performance of your smartphone by cleaning it from certain superfluous files.
Here are the 9 infected Android apps
|App Name||Package||No. of Installs|
|Shoot Clean-Junk Cleaner,Phone Booster,CPU Cooler||com.boost.cpu.shootcleaner||10,000+|
|Super Clean Lite- Booster, Clean&CPU Cooler||com.boost.superclean.cpucool.lite||50,000+|
|Super Clean-Phone Booster,Junk Cleaner&CPU Cooler||com.booster.supercleaner||100,000+|
|Quick Games-H5 Game Center||com.h5games.center.quickgames||100,000+|
|Rocket Cleaner Lite||com.party.rocketcleaner.lite||10,000+|
|Speed Clean-Phone Booster,Junk Cleaner&App Manager||com.party.speedclean||100,000+|
Instead of carrying out this task, the applications concerned will instead go to download up to 3000 variants of malware on infected smartphones and, thanks to this, they will be able to access the Google and Facebook accounts of the victims to conduct fraudulent advertising practices. The false cleaning tools will, among other things, display advertisements from legitimate platforms such as Google AdMob or Facebook Audience Network and then simulate clicks on the advertisements.
Fake apps also prompt users to give them permissions while disabling Play Protect, the security program in the Google Play Store. This allows them to download more and more fraudulent software without being spotted.
Finally, they can also use accessibility options to post fake comments and ratings to the Play Store to attract others to download them.
The affected apps have been removed from the Play Store by Google, but it is expected that the malware will resume the attack with other fake apps. The most affected countries are Japan, Taiwan, the United States, Thailand and India.