[ Dec 10, 2018 ]
Almost two dozen apps with more than 2 million downloads have been removed from the Google Play market after researchers found they contained a device-draining backdoor that allowed them to surreptitiously download files from an attacker-controlled server.
The 22 rogue titles included Sparkle Flashlight, a flashlight app that had been downloaded more than 1 million times since it entered Google Play sometime in 2016 or 2017, antivirus provider Sophos said in a blog post published Thursday. Beginning around March of this year, Sparkle Flashlight and two other apps were updated to add the secret downloader. The remaining 19 apps became available after June and contained the downloader from the start.
By the time Google removed the apps in late November, they were being used to click endlessly on fraudulent ads. “Andr/Clickr-ad,” as Sophos has dubbed the family of apps, automatically started and ran even after a user force-closed them, functions that caused the apps to consume huge amounts of bandwidth and drain batteries.
The 22 apps listed by Sophos are:
Sparkle FlashLight, Snake Attack, Math Solver, ShapeSorter, Tak A Trip, Magnifeye, Join Up, Zombie Killer, Space Rocket, Neon Pong, Just Flashlight, Table Soccer, Cliff Diver, Box Stack, Jelly Slice, AK Blackjack, Color Tiles, Animal Match, Roulette Mania, HexaFall, HexaBlocks, PairZap
Cyber Security Tips:
Android users should be highly selective about the apps they install. Carefully reading reviews can sometimes help.