Google Play Store and Apple App Store security warning issued over malicious apps: “Remove them”

Cyber ​​security researchers have issued a warning to smartphone users over a number of malicious apps that have been downloaded millions of times from the Google Play Store and Apple App Store.

Researchers from Human Security Satori’s threat intelligence team sounded the alarm in a new report that revealed around 80 different Android apps were involved in an advertising fraud operation.

WATCH THE VIDEO ABOVE: Optus to foot bill for data breach.

Watch the latest news on Channel 7 or stream for free on 7plus >>

The cyberattack dates back to 2019, but experts believe the threat has since expanded, with nine apps now linked to the App Store.

The threat involves cybercriminals using bots to exploit advertising platforms and advertisers to defraud people.

More than 13 million downloads of the apps have been recorded, and Human Security warns that the attack is ongoing.

“HUMAN and the Satori team continue to pursue the operation and its perpetrators,” it said, adding that the apps have since been removed from app stores.

“Remove Them”

The advice to smartphone users with any of the apps listed below is: “remove them”.

“Although HUMAN monitors the threat actors, they can update the apps to change how they work, so removing the apps is the best option,” researchers said.

“Consider mitigating the risk of running dangerous apps by considering the source of the application and the trustworthiness of the brands involved.

“Secondary marketplaces, sideloaded or ‘cracked’ applications can be much higher risk.”

Malicious iOS apps

These apps have since been deleted from the App Store, but iOS users can have them on their devices.

• Loot the castle (com.loot.rcastle.fight.battle)
• Run Bridge (com.run.bridge.race)
• Shiny gun (com.shinning.gun.ios)
• Racing Legends 3D (com.racing.legend.like)
• Rope Runner (com.rope.runner.family)
• Wood sculptor (com.wood.sculptor.cutter)
• Firewall (com.fire.wall.poptit)
• Critical Ninja Hit (wger.ninjacriticalhit.ios)
• com.TonyRuns.game

Malicious Android apps

These apps have since been deleted from the Google Play Store, but Android users can have them on their devices.

• Roll Turn (com.roll.turn.song.wusi.pt) – 1,000,000+ downloads
• Smash car (com.crush.car.fly.delivery.lingjiu) – 1,000,000+ downloads
• Superhero – Save the World! (com.asuper.man.playmilk) – 1,000,000 downloads
• Find 10 differences (com.different.ten.spotgames) – 1,000,000 downloads
• Dinosaur legend (com.huluwagames.dinosaur.legend.play) – 1,000,000 downloads
• A line drawing (com.one.line.drawing.stroke.yuxi) – 1,000,000 downloads
• Shoot Masters (com.shooter.master.bullet.puzzle.huahong) – 1,000,000 downloads
• Talent trap – NEW (com.talent.trap.stop.all) – 1,000,000 downloads
• Find 5 Differences – New (com.find.five.subtle.differences.spot.new) – 1,000,000
• Helicopter attack – NEW (com.helicopter.attack.shoot.sanba) – 500,000+ downloads
• Arrow coins (com.helicopter.attack.shoot.sanba) – 500,000 downloads
• Parking Master (com.ekfnv.docjfltc.parking.master) – 500,000 downloads
• Shoot it: Use gun (com.bullet.shoot.fight.gtommm.tom) – 500,000 downloads
• Super Flake (com.chop.slice.flake2020) – 500,000 downloads
• Five star disc (com.five.star.slice) – 500,000 downloads
• True drawing (com.sand.drawing.newfight) – 500,000 downloads
• Mr Dinosaur: Play your Dino (com.topggame.facego.finger.crazy.dino) – 500,000 downloads
• Track sliding New (com.track3d.sliding.new) – 500,000 downloads
• Peter Shoot (com.ltc.peter.shoot.tslgame) – 100,000+ downloads
• The Thief King (com.ltcking.thief.game.tsl) – 100,000+ downloads
• Spin: Letter scroll (come.letter.roll.race) – 100,000+ downloads
• Relx cash (com.tycmrelx.cash) – 100,000+ downloads
• Lady Run (com.lady.dress.run.sexylady) – 100,000 downloads
• Magic Brush 3D (com.magic.brush.gamesly) – 100,000 downloads
• Shake Shake Sheep (com.ldle.merge.free.coinspiggy) – 100,000 downloads
• Number combination: Colored chips (com.yigegame.jyfsmnq.gg) – 100,000 downloads
• Ztime: Earn cash rewards easily (com.pocky.ztime) – 100,000 downloads
• Lucky Wings – Lotto Scratchers (com.free.scratchers.luckywings) – 100,000 downloads
• Shake Shake Pig (com.ldle.merge.free.coinspiggy) – 100,000 downloads
• Lucky Money Tree (com.ldle.merge.lucky.moneytree) – 100,000 downloads
• Run and dance (com.tap.run.and.dance) – 100,000 downloads
• Beat Kicker New (com.beat.kicker.two.game) – 100,000 downloads
• Fill color 3D (com.cube.fill.color.paint.turn.fei) – 100,000 downloads
• Draw Live (com.draw.live.milipop) – 100,000 downloads
• Draw 1 stroke (com.draw.one.line.stroke.xipi) – 100,000 downloads
• Fidget Cubes (com.fidget.cubes.feel.like) – 100,000 downloads
• Girls fight (com.girls.fight.fly) – 100,000 downloads
• Ninja Assassin (com.knifeninja.assassin.dltc) – 100,000 downloads
• Shooting Puzzle 2020 (com.my.bullet.shooting.man.hunter.youxi) – 100,000 downloads
• Pulley Parkour (com.pul.parkour.bbroller) – 100,000 downloads
• Chop Flake 3D (com.slice.chop.superslice3d) – 100,000 downloads
• Weapon fantasy (com.weapon.fantasy.games) – 100,000 downloads
• Bike Extreme Racing (com.bike.extreme.racing.bikegames) – 50,000+ downloads
• Player Spiral Maker 3D (com.player.spiral.maker.d3) – 50,000+ downloads
• Scratch Carnival (com.scratchers.jackpot.luckypiggy) – 50,000 downloads
• Billionaire Scratch (com.free.tickets.scratchers.Billionaire) – 50,000 downloads
• Lucky Star: Lotto Scratch (com.free.tickets.scratchers.LuckyLotto) – 50,000 downloads
• Balloon shooter (com.balloon.shooter.play) – 50,000 downloads
• Musical shooting (com.ltcmusical.fun2021) – 50,000 downloads
• Chop slices (com.lvdiao.chop.slices.chef) – 50,000 downloads
• Ninja Slice (com.slice.masked.games) – 50,000 downloads
• Work now! (com.work.now.slack) – 50,000 downloads
• The drawing is complete (com.ltcdraw.complete.fly) – 10,000+ downloads
• Draw a war (com.draw.war.army) – 10,000+ downloads
• Match 3 tiles (com.blocks.tile.matching) – 10,000+ downloads
• 2048 Merge Cube – Win money (com.cube.merge.shooter) – 10,000+ downloads
• Pull the worm (com.pull.bugs.worm) – 10,000 downloads
• Shoot Dummy – Win Rewards and Paypal Cash (com.shoot.dummy.fast.speed.linger) – 10,000
• Bottle jump (com.bottle.jump.flip.challenge.fun) – 10,000 downloads
• Corn scraper (com.corn.scraper.cut.pipe.siling) – 10,000 downloads
• Idling wood machine (com.idle.wood.maker.gametwo) – 10,000 downloads
• Pop Girls Schooler (com.pop.girls.schooler) – 10,000 downloads
• Romy Rush (com.romy.rushrun) – 10,000 downloads
• Spear hero (com.spear.super.man.hero) – 10,000 downloads
• Hide drawing (com.hiding.drawltc.games) – 5000+ downloads
• Downhill race (com.downhill.race.redbull) – 5000+ downloads
• Jackpot Scratcher Win Real (com.physicswingsstudio.JackpotScratchers) – 5000 downloads
• Dig road balls (com.dig.road.balls.play.games.ygygame) – 5000 downloads
• Crowd Battle: Fight the bad guys (com.crowd.battle.goamy) – 5000 downloads
• Design n Road (com.ltcdesign.nroad) – 1000+ downloads
• Rescue Master (com.rescue.master.gear.mechanics.wushi) – 1000+ downloads
• Lucky Scratchers: Lotto cards (com.lotto.bingo.lucky.scratcher) – 1000 downloads
• BOO Popstar (com.boostar.boo.popstar)- 1000 downloads
• Draw complete A (com.darwa.completea.ltca)- 1000 downloads
• War in painting (com.painting.war.inpaper) – 100+ downloads
• Rush 2048: 3D Shoot Cubes (com.rushcube.puzzle.block) – 100 downloads
• Auto stamp camera (com.stac.amper.qweaf) – 100+ downloads
• Meet Camera (com.magicvcam.hdmeet.cam008) – 0 downloads
• com.find.five.differences.lvye.xslnow
• com.mufc.zwxfbnow

Once downloaded, the malicious apps affect other apps to make them record fake impressions for digital ads and can even track users’ data.

The apps may also cause out-of-context ads to appear, for example on a user’s home screen, where it should not display and play hidden ads that users cannot detect.