As mentioned earlier, all the affected apps performed legitimate functions like turning on the flashlight, reading QR codes and even helping users convert measurements. However, while these apps worked as they should, the only thing in common with them was that they silently downloaded additional code without the user’s explicit permission. This malicious code helped the developers of these apps to commit ad fraud.

Once the malicious code was downloaded, these apps used Google’s Firebase Cloud Messaging platform to repeatedly open specific websites in the background and click on advertising links, all without any user intervention. The code also allows these apps to mimic the behavior of a typical smartphone user. Moreover, the malicious code was also designed to do all of this discreetly without the smartphone user touching their phone. Below we have mentioned the names of all apps confirmed to have been affected by this malicious ad fraud.

  • Comfortable camera
  • smart task manager
  • Flash+
  • Memo calendar
  • WordBook
  • BusanBus
  • candle protest
  • Quick Note
  • Smart Currency Converter
  • Barcode
  • Ezdica
  • Instant application
  • Tingboard
  • flashlite
  • Calculate
  • ImageVault

Apart from helping the developers of these apps to earn illegal advertising money, this fraud scheme also led to increased data consumption and poor battery life on the affected devices. If you have any of these apps installed on your smartphone, now would be a good time to uninstall them.