Android and iOS adware apps downloaded 13 million times — delete these apps now

Green skull on smartphone screen.
(Image credit: Shutterstock)

Adware and other malicious apps often manage to slip past Google’s defenses and end up on the Play Store, but this time around, some bad apps also managed to bypass Apple’s more stringent security checks and make it onto the App Store.

As reported by BleepingComputer and first discovered by HUMAN’s Satori Threat Intelligence team, 75 Android apps and 10 iOS apps were found to be engaging in ad fraud. In total, these adware apps have been installed 13 million times.

Besides bombarding mobile users with visible and even hidden ads, these malicious apps also managed to generate revenue by impersonating legitimate apps on both app stores.

Delete these apps now

While all of the apps detailed in HUMAN’s new report have since been removed from the Google Play Store and Apple App Store, if any of them are installed on your devices, you should delete them immediately. Here are some of the adware apps in question; you can find the rest by taking a look at the full report.


  • Loot the Castle
  • Run Bridge
  • Shining Gun
  • Racing Legend 3D
  • Rope Runner
  • Wood Sculptor
  • Fire-Wall
  • Ninja Critical Hit
  • Tony Runs


  • Super Hero-Save the world!
  • Spot 10 Differences
  • Find 5 Differences
  • Dinosaur Legend
  • One Line Drawing
  • Shoot Master
  • Talent Trap

From Poseidon to Scylla

A hacker typing quickly on a keyboard

(Image credit: Shutterstock)

According to HUMAN’s security researchers, these new adware apps are part of a fraud campaign they’ve dubbed "Scylla." However, researchers believe that this group of apps is actually the third wave of a larger operation they found back in 2019 and named "Poseidon." Meanwhile, the second wave of bad apps were given the name "Charybdis" and were discovered near the end of 2020.

Fortunately, HUMAN has reached out to both Google and Apple and all of the adware apps in question have now been removed from the Play Store and App Store.

If you have one of the best Android phones, enabling Google Play Protect will delete these apps automatically. It’s a different story with the best iPhones though, as Apple doesn’t provide clear guidance on how to remove adware apps after they’ve been installed. To this end, HUMAN recommends users delete these bad apps manually.

How to stay safe from adware and other bad apps

Adware and malicious apps can be used to infect your devices with malware or even to steal your identity. For this reason, you need to exercise caution when downloading any new app even if it has a high rating and great reviews.

Before downloading an app from the App Store or Play Store, you should look for external reviews online to see if it’s legitimate. Video reviews are even better (if they’re available) since you can see the app in action before installing it on your device.

In addition to enabling Google Play Protect, Android users may also want to consider installing one of the best Android antivirus apps on their smartphone for extra protection. For those who have installed a malicious app, it could be worth investing in the best identity theft protection as well.

While Apple is known for more rigorously checking apps before they are allowed onto the App Store, bad apps can manage to slip past the company's defenses. This is why you should avoid installing any app that seems too good to be true. At the same time, you should only install apps from reputable developers with a proven track record. The same goes for Android users that don’t want to fall victim to malware or other attacks.

Next: For other nasty things to be aware of check out how older Samsung phones could be hiding a dangerous battery problem. But if you something a little lighter, then follow our Amazon hardware event live blog for a ton of product announcements today! 

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.