A newly found Android malware was confirmed to have infected around 20 million users. The malware, dubbed Clicker, was sneaked into the Google Play Store using 16 different malicious applications.

The Clicker campaign

Researchers from McAfee disclosed that the malware is masquerading as legitimate utility tools to target Android phone users.
  • These tools include Flashlight (Torch), QR readers, Camera, Unit Converters, and Task Managers. 
  • At first glance, these apps may look like well-made Android software. However, they are hiding ad fraud features, equipped with remote configuration and Firebase Cloud Messaging (FCM) techniques. 
  • Once the user downloads and opens these applications, an HTTP request is sent to launch remote configurations, and eventually, the Clicker Android malware is downloaded.

Researchers highlight that the new Android malware is designed to disrupt the mobile advertising ecosystem. It enables its operators to generate revenue by displaying fraudulent ads on victims’ devices.

Attacks through legitimate apps escalate 

Besides targeting utility apps, threat actors are also leveraging social apps to steal users’ accounts and credentials.
  • In one incident, a fake version of the popular WhatsApp chat messenger, dubbed YoWhatsApp, was found circulating on the internet. The fake version claimed to offer additional features such as customizing the interface and blocking access to individual chats. However, it was nothing similar to the original version and instead stole access keys for users’ accounts.
  • In another case, Meta removed of over 400 malicious Android and iOS apps targeting Facebook users. The primary goal of these apps was to steal users’ login credentials.


Having security software installed on phones helps prevent such mobile threats. Users must avoid downloading apps from unofficial sources or use cracked software apps to protect themselves from attacks.
Cyware Publisher