Multiple Android Performance Boosters Found to be Malware

  • Researchers discovered a new batch of Android adware and malware fetchers.
  • The apps have been downloaded by half a million users and were making money through ad-fraud.
  • Google has removed all of them from the Play Store, but many still have them installed on their phones.

Trend Micro reports about their recent discovery which involves several malicious apps for the Android platform. The apps were mainly performance boosters, device optimizers, and generic utility tools, and they were all available on the Google Play Store. According to the stats, the malicious batch was collectively downloaded by 470000 users, while the telemetry data indicates that the first activity of the particular campaign dates back to 2017! Google has removed the apps now, but since some people could still be holding them on their device, it is important to uninstall them now.

First of all, here is the list of malicious apps that need removal:

  • Speed Clean-Phone Booster
  • Shoot Clean
  • Super Clean Lite- Booster
  • Super Clean-Phone Booster
  • Quick Games-H5 Game Center
  • LinkWorldVPN
  • H5 gamebox
  • Rocket Cleaner
  • Rocket Cleaner Lite

malware apps
Source: Trend Micro Blog

The researchers have analyzed these apps and figured that they are capable of downloading up to three thousand malware variants and payloads. Some engage in ad-fraud to make a quick buck for their publishers, while others are configured to do more damage by stealing information by using the Anubis banking trojan. In some cases, the compromised devices are then used to submit fake reviews about the app on the Play Store, giving them a higher score and feeding the monster of deception.

In most cases, the user is tricked into approving the apps’ request for accessibility permissions, which end up in the deactivation of Google Play Protect and the security that comes with it. The same permission is used for the login step on new malicious apps using the user’s Google and Facebook accounts, which is required for the simulated clicks on the ads that take place in the background.

fake login
Source: Trend Micro Blog

By noticing the geographic distribution of the victims, the researchers figured that the only exception to the delivery of malicious payloads seems to be China. This could be an indication that the actors behind this campaign are of Chinese descent. As for who is paying the bigger price, Japan takes the lead by far with almost fifty thousand infections, Taiwan is second with almost six thousand, while the United States is third with 2500.

china
Source: Trend Micro Blog

To stay protected against this kind of threat, use a mobile security suite and avoid installing device performance boosters altogether. Even when these tools aren’t fetching malware, they are not doing much to help your device get any faster. Contrarily, they will make your smartphone feel a little bit sluggish at best.

Latest
How to Watch I Have Nothing Online Free from Anywhere
I Have Nothing is a Crave Original docu-comedy series following Carolyn Taylor and her attempt to choreograph a full-length pairs figure skating...
How to Watch Michael McIntyre’s The Wheel Season 4 Online Free from Anywhere
The Bafta-winning Michael McIntyre has returned with another season of The Wheel. Viewers can expect big laughs, huge stars, and heart-pounding thrills...
How to Watch Blankety Blank Season 3 (2023) Online Free from Anywhere
Blankety Blank is back in 2023, with Bradley Walsh guiding a panel of celebrities and contestants over multiple rounds of the quiz...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari