Millions of Android devices infected with wallet-depleting malware


Researchers have discovered another batch of seemingly innocent Android apps that are actually designed to push malware onto devices. (opens in a new tab)and raking in the expenses of unsuspecting victims.

The latest batch included wallpaper apps, keyboards, photo editors, video editors and occasional cache cleaner or system maintenance apps, was discovered by Dr. Web antivirus (opens in a new tab) team, and have over 10 million downloads between them.

A total of 28 apps were found on the Google Play Store, having successfully circumvented Google’s strict security policies.

Hacked Android Apps

As for damages, the practice is more or less the same. Once installed, most apps will try to hide themselves, changing their appearance in the app drawer to that of a system app. In this way, they hope that users will be discouraged from uninstalling them. Then the apps would push advertisements and try to sign up the victim to various premium services, to garner additional expenses.

None of this would have been possible if users hadn’t granted apps the necessary permissions. Even though the apps are simple in design (and actually do what they are advertised to do), they often ask users for advanced permissions, such as permission to be excluded from the battery saver feature, so that they can remain operational in the background even when terminated by the user – which in itself is a major red flag.

Most apps have already been removed from the Play Store, but three remain. Yet, even though all the apps were removed, they were still downloaded millions of times, and until all the victims delete them from their devices, they will continue to be a threat.

Since malicious apps are able to hide in plain sight, downloading exclusively from known sources is no longer the only advice. Users should also read reviews, as they are a good indicator of the legitimacy of apps. Also, be sure to check for plenty of reviews, as sometimes threat actors can spoof some of them. If an app only has a handful of reviews, it’s best to stay away.

Here is the full list of malicious applications discovered by researchers:

  • Photo editor: beauty filter (gb.artfilter.tenvarnist)
  • Photo editor: retouch and crop (de.nineergysh.quickarttwo)
  • Photo editor: artistic filters (gb.painnt.moonlightingnine)
  • Photo Editor – Design Creator (gb.twentynine.redaktoridea)
  • Photo editor and background eraser (de.photoground.twentysixshot)
  • Photo & Exif Editor (de.xnano.photoexifeditornine)
  • Photo Editor – Filters Effects (de.hitopgop.sixtyeightgx)
  • Photo filters and effects (de.sixtyonecollice.cameraroll)
  • Photo Editor: Blur Image (de.instgang.fiftyggfife)
  • Photo Editor: Cut, Paste (de.fiftyninecamera.rollredactor)
  • Emoji Keyboard: Stickers and GIFs (gb.crazykey.sevenboard)
  • Neon Theme Keyboard (
  • Neon Theme – Android Keyboard (
  • Cashe Cleaner (
  • Fancy Loading (
  • FastCleaner: Cashe Cleaner (
  • Call Skins – Caller Themes (
  • Funny Caller (
  • CallMe Phone Themes (
  • InCall: contact background (
  • MyCall – Call Personalization (
  • Caller theme (com.caller.theme.slow)
  • Caller theme (com.callertheme.firstref)
  • Funny Wallpapers – Live Screen (
  • Auto Wallpaper Changer 4K (de.andromo.ssfiftylivesixcc)
  • NewScrean: 4D Wallpapers (
  • Wallpapers and Backgrounds (de.stockeighty.onewallpapers)
  • Notes – reminders and lists (
  • Stay safe by deploying state-of-the-art firewalls (opens in a new tab) today

Going through: BeepComputer (opens in a new tab)


Comments are closed.