Google Play has removed apps with more than 20 million downloads because they were using excessive mobile data and draining batteries, says a report.

According to a report by McAfee, it identified new Clicker malware that sneaked into Google Play. In total, 16 applications that were previously on Google Play have been confirmed to have the malicious payload with an assumed 20 million installations.

“Once the application is opened, it downloads its remote configuration by executing an HTTP request. After the configuration is downloaded, it registers the FCM (Firebase Cloud Messaging) listener to receive push messages,” McAfee wrote in a blog post.

“At first glance, it seems like well-made Android software. However, it is hiding ad fraud features behind, armed with remote configuration and FCM techniques,” it added.

Buy Me a Coffee

The security researchers notified Google that all the identified apps are no longer available on Google Play. Users are also protected by Google Play Protect, which blocks these apps on Android.

The malicious code was found on useful utility applications like Flashlight (Torch), QR readers, Cameras, Unit converters, and Task managers.

The FCM message has various types of information and that includes which function to call and its parameters.

READ
Android 16 Preview Now Open for Developers