These 16 malicious Android apps have over 20 million downloads — delete them now

Green skull on smartphone screen.
(Image credit: Shutterstock)

Despite Google’s best efforts, 16 malicious apps which contain the Clicker malware have managed to slip past the search giant’s defenses and end up on the Google Play Store.

According to a new blog post from McAfee, these bad apps, which masquerade as utilities like flashlights and calculators, have been downloaded over 20 million times from the Play Store. 

Fortunately, the cybersecurity firm’s researchers reached out to Google and all of the apps in question have since been removed from the Play Store. Still though, if you have any of them installed on your Android smartphone or tablet, you will need to delete them manually.

These malicious apps and the malware they contain aren’t capable of stealing your identity or your data but they do commit ad fraud in the background. The danger here is that when these apps visit sites to earn ad revenue, they’re draining your battery and this can also slow down your phone.

Delete these apps now

Here is the full list of all 16 malicious apps discovered by McAfee courtesy of The Hacker News. You may notice that there are multiple instances of Flashlight+ but these are actually distinct apps from different developers. You should manually remove them from your Android devices as soon as possible to avoid extra wear and tear on their batteries.

  • High-Speed Camera - 10,000,000+ downloads
  • Smart Task Manager - 5,000,000+ downloads
  • Flashlight+ - 1,000,000+ downloads
  • 달력메모장 (Calendar Notepad) - 1,000,000+ downloads
  • K-Dictionary - 1,000,000+ downloads
  • BusanBus - 1,000,000+ downloads
  • Flashlight+ - 500,000+ downloads
  • Quick Note - 500,000+ downloads
  • Currency Converter - 500,000+ downloads
  • Joycode - 100,000+ downloads
  • EzDica - 100,000+ downloads
  • Instagram Profile Downloader - 100,000+ downloads
  • Ez Notes  - 100,000+ downloads
  • 손전등 (Flashlight) - 1,000+ downloads
  • 계산기 (Calculator) - 100+ downloads
  • Flashlight+ - 100+ downloads

Hiding their malicious behavior

While these 16 malicious apps do what their listings on the Play Store describe, they also download a remote configuration by executing an HTTP request after you open them. However, they even register a Firebase Cloud Messaging (FCM) listener to receive push messages to commit ad fraud on your devices.

The cybercriminals behind this campaign use FCM messages to let the Clicker malware within the apps know which sites to visit for ad clicks. Not only does this eat up your data plan and drain your battery but it also earns revenue for the cybercriminals.

Since these apps are visiting sites in the background, you won’t actually be able to tell they’re doing this. Other malicious apps are far more dangerous but these ones put extra strain on the best Android phones when installed.

How to stay safe from malicious apps and mobile malware

A hand holding a phone securely logging in

(Image credit: Google)

When it comes to protecting yourself from malicious apps, you should avoid downloading apps that don’t come from official app stores like the Play Store, the Amazon App Store or the Samsung Galaxy Store. In this case, doing so wouldn’t have helped but in general, you want to avoid sideloading apps on Android even though doing so can be tempting.

If you do happen to download and install a malicious app, the best Android antivirus apps can help keep you protected. Likewise, you should ensure that Google Play Protect is enabled on your Android smartphone as it frequently scans all of your apps for malware.

Finally, if an app seems too good to be true, it probably is, which is why you should think carefully before installing any new apps on your devices.

Ad fraud is quite the profitable business for cybercriminals and for this reason, we will likely continue to see malicious apps that visit sites for clicks while draining your battery and slowing down your smartphone going forward. 

Next: See our Google Pixel 7 Pro vs iPhone 14 Pro Max face-off to see which flagship phone wins. 

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.