Malicious Utility Apps

Researchers discovered several optimizer, utility, and booster apps on the Google Play Store that download as many as 3,000 malware variants or malicious payloads to perform various malicious activities, including ad fraud.

Malicious apps on Google Play are not new; cybercriminals keep targeting Android users because of the platform's popularity.

Adware programs tend to serve unwanted advertisements on your mobile phone and computer. Adware can also be included with some apps in a legitimate way to generate revenue.

These apps communicate with a command-and-control server to download and install the malware and also to push malicious ads to the user's device.


These malicious utility apps, which are supposed to speed up and clean Android devices, were found to have been downloaded more than 470,000 times.

According to the Trend Micro report, the malicious app campaign has been active since 2017, and more than 3,000 malware variants were detected.


Once installed, the apps do not show their icons in the launcher, and the attackers use the affected devices to post fake reviews and to click on the ads that pop up.

These apps claim to provide features such as speed cleaning and VPN to boost device performance and anonymity, but after installation they only pop up ads.

Researchers also observed that the malicious apps are capable of launching "a transparent activity background to hide malicious content from the user."

Once installed on the device, these apps also connect to a remote server and register the newly infected device.

These apps are also capable of using accessibility functions to log users in to other apps using their Google and Facebook accounts.

The campaign primarily targets the following countries: Japan, Taiwan, the United States, India, and Thailand. Chinese users are excluded.

Here is the list of apps; they have since been removed from Google Play.

App Name | Package | No. of Installs
Shoot Clean-Junk Cleaner,Phone Booster,CPU Cooler | com.boost.cpu.shootcleaner | 10,000+
Super Clean Lite- Booster, Clean&CPU Cooler | com.boost.superclean.cpucool.lite | 50,000+
Super Clean-Phone Booster,Junk Cleaner&CPU Cooler | com.booster.supercleaner | 100,000+
Quick Games-H5 Game | | ,000+
Rocket Cleaner | | ,000+
Speed Clean-Phone Booster,Junk Cleaner&App | | ,000+,000+
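
The following triage script is an added example, not code from the Trend Micro report or from this article. It flags the package names listed above, plus any third-party app that combines the two behaviours described earlier (no launcher icon and an enabled accessibility service). It assumes the inventory comes from `pm list packages -3` and the `enabled_accessibility_services` secure setting; the launcher set, the two-signal threshold, and all sample data are constructed for illustration.

```python
# Added example: triage an Android app inventory for the behaviours described above.
KNOWN_BAD = {  # package names taken from the list on this page
    "com.boost.cpu.shootcleaner",
    "com.boost.superclean.cpucool.lite",
    "com.booster.supercleaner",
}

def parse_pm_list(text):
    """Parse `pm list packages -3` output ("package:<name>" per line)."""
    return {line.split(":", 1)[1].strip()
            for line in text.splitlines() if line.startswith("package:")}

def parse_accessibility(setting):
    """Parse the secure setting enabled_accessibility_services
    ("pkg/service:pkg/service", or "null" when nothing is enabled)."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}

def triage(third_party, launcher_pkgs, a11y_pkgs):
    """Return {package: [reasons]} for listed packages and for apps that
    combine a hidden launcher icon with an enabled accessibility service."""
    findings = {}
    for pkg in sorted(third_party):
        reasons = []
        if pkg in KNOWN_BAD:
            reasons.append("on removed-apps list")
        if pkg not in launcher_pkgs:
            reasons.append("no launcher icon")
        if pkg in a11y_pkgs:
            reasons.append("accessibility service enabled")
        # Assumption: one heuristic signal alone is too noisy to report.
        if pkg in KNOWN_BAD or len(reasons) >= 2:
            findings[pkg] = reasons
    return findings

# Constructed sample data (not from a real device).
SAMPLE_PM = """package:com.boost.cpu.shootcleaner
package:com.example.notes
package:com.example.flashlight
package:com.example.keyboardhelper
"""
SAMPLE_A11Y = ("com.example.flashlight/.TapService:"
               "com.example.notes/com.example.notes.ReaderService")
SAMPLE_LAUNCHER = {"com.example.notes"}  # assumed input: packages with a launcher entry

if __name__ == "__main__":
    result = triage(parse_pm_list(SAMPLE_PM), SAMPLE_LAUNCHER,
                    parse_accessibility(SAMPLE_A11Y))
    for pkg, reasons in result.items():
        print(pkg, "->", ", ".join(reasons))
```
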

Indicators of Compromise






Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.