The impact on the device can be reduced performance, overheating, increased battery usage and inflated mobile data bills.
All 16 of these apps have been removed from Google Play following the McAfee report. Yet they still amass 20 million installs.
The most disgusting of them all is DxClean, which was installed 5 million times before being removed. It has relatively good user reviews overall, with 4.1 out of 5 stars.
Posing as a system cleaner and optimizer, DxClean does the exact opposite in the background while promising to detect the cause of system slowdowns and stop ad harassment.
Features of Clicker Apps
Once launched, apps download their configuration from a remote location via HTTP requests, and then register an FCM (Firebase Cloud Messaging) listener to receive push messages.
These messages contain instructions to the clicker, such as which functions to call and which parameters to use.
“The latent functionality starts to work when an FCM message is received and certain conditions are met,” McAfee explained in the report.
The researchers added: “Mainly visiting websites that are messaged by FCM and continuously browsing these websites in the background, while also mimicking the user’s behavior.”
The automatic click functionality is handled by the “click.cas” component, and the proxy that manages the adware hidden service is “com.liveposting”.
The McAfee analyst pointed out that the liveposting SDK can also function independently and may only create ad impressions, but recent versions of the app have both libraries.
To stay below the user’s radar, malicious actions don’t start within the first hour after installing the app, but only when the user is actively using the device.
To discover if such apps exist on the device, users can do so by checking battery and internet usage. If the system has not been used for a period of time, then there is no reason for high battery consumption and increased mobile data consumption.