These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware


As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware.

“All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others,” Dr.Web said in a Tuesday write-up.

While masquerading as innocuous apps, their primary goal is to request permissions to show windows over other apps and run in the background in order to serve intrusive ads.

To make it difficult for the victims to detect and uninstall the apps, the adware trojans hide their icons from the list of installed apps in the home screen or replace the icons with others that are likely to be less noticed (e.g., SIM Toolkit).


Some of these apps also offer the advertised features, as observed in the case of two apps: “Water Reminder- Tracker & Reminder” and “Yoga- For Beginner to Advanced.” However, they also covertly load various websites in WebView, and simulate user actions to click on banners and ads.

Also uncovered are another set of apps distributing the Joker malware in the form of launcher, camera, and emoji stickers apps that, when installed, subscribe users to paid mobile services without their knowledge and consent.

Google Play Store

The third category of rogue apps relates to those that pose as image editing software but, in reality, are designed to break into Facebook accounts.

“Upon launching, they asked potential victims to log in to their accounts and then loaded a genuine Facebook authorization page,” Dr.Web researchers said. “Next, they hijacked the authentication data and sent it to malicious actors.”

  • Photo Editor: Beauty Filter (gb.artfilter.tenvarnist)
  • Photo Editor: Retouch & Cutout (de.nineergysh.quickarttwo)
  • Photo Editor: Art Filters (gb.painnt.moonlightingnine)
  • Photo Editor – Design Maker (gb.twentynine.redaktoridea)
  • Photo Editor & Background Eraser (de.photoground.twentysixshot)
  • Photo & Exif Editor (de.xnano.photoexifeditornine)
  • Photo Editor – Filters Effects (de.hitopgop.sixtyeightgx)
  • Photo Filters & Effects (de.sixtyonecollice.cameraroll)
  • Photo Editor : Blur Image (de.instgang.fiftyggfife)
  • Photo Editor : Cut, Paste (de.fiftyninecamera.rollredactor)
  • Emoji Keyboard: Stickers & GIF (gb.crazykey.sevenboard)
  • Neon Theme Keyboard (
  • Neon Theme – Android Keyboard (
  • Cashe Cleaner (
  • Fancy Charging (
  • FastCleaner: Cashe Cleaner (
  • Call Skins – Caller Themes (
  • Funny Caller (
  • CallMe Phone Themes (
  • InCall: Contact Background (
  • MyCall – Call Personalization (
  • Caller Theme (com.caller.theme.slow)
  • Caller Theme (com.callertheme.firstref)
  • Funny Wallpapers – Live Screen (
  • 4K Wallpapers Auto Changer (de.andromo.ssfiftylivesixcc)
  • NewScrean: 4D Wallpapers (
  • Stock Wallpapers & Backgrounds (de.stockeighty.onewallpapers)
  • Notes – reminders and lists (

Last but not least, also spotted on the app storefront was a rogue communications app known as “Chat Online,” which tricks users into providing their mobile phone numbers under the pretext of signing up for online dating services.

In a different version of the same malware, a seemingly real conversation is initiated, only for the app to prompt users to pay for premium access to continue the chat, incurring fraudulent charges.


Although these apps have been purged, it’s no surprise that mobile malware has been proven to be resilient, what with the criminal actors constantly finding new ways to bypass protections put in place by Google.

Users are recommended to exercise caution when it comes to downloading apps, Google Play or otherwise, and refrain from granting extensive permissions to apps. Turning on Google Play Protect and scrutinizing app reviews and ratings are other ways to secure devices from malware.

Products You May Like

Articles You May Like

Security Flaws Found in Popular WooCommerce Plugin
560 million Ticketmaster customer data for sale? – Week in security with Tony Anscombe
Phishing Attacks Targeting US and European Organizations Double
More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack
Ascension Attack Caused by Employee Downloading Malicious File

Leave a Reply

Your email address will not be published. Required fields are marked *