New Android malware apps 10 million installs from Google Play – BleepingComputer | Hot Mobile Press

A new batch of malicious Android apps full of adware and malware was found in the Google Play Store, with almost 10 million installs on mobile devices.

The apps act as photo editing tools, virtual keyboards, system optimizers, wallpaper changers and more. However, their underlying function is to deliver intrusive advertisements, subscribe users to premium services and steal victims’ social media accounts.

The discovery of these malicious apps comes from Dr. Web Antivirus team that highlighted the new threats in a report published today.

Google has removed the vast majority of the featured apps, but at the time of writing, three apps are still available to download and install through the Play Store.

If you installed any of these apps before they were removed from the Play Store, you still need to manually uninstall them from your device and run an AV scan to remove any remnants.

The new malicious Android apps

The one from Dr. Adware apps detected on the web are modifications of existing families that first appeared on the Google Play Store in May 2022.

On installation, the apps request permission to overlay windows on each app and can add themselves to the low-power mode exclusion list, allowing them to continue running in the background when the victim closes the app.

Malicious apps that request to be locked out of sleep mode
Malicious apps that request to be locked out of sleep mode (Dr Web)

Also, they hide their icons from the app drawer or replace them with something resembling a core system component, like “SIM Toolkit”.

Attempt to fool users with symbol substitutions
Attempt to fool users with symbol substitutions (Dr Web)

The full list of adware apps can be found at the end of the article, but a notable example on Play Store is still “Neon Theme Keyboard” which has over a million downloads despite the 1.8 star rating and many negative reviews.

“This app “killed” my phone. It kept crashing, I couldn’t even enter the password to unlock the phone and uninstall it. Eventually I had to do a full wipe (factory reset) to fix the phone DO NOT , INSTALL THIS APP!!!!”, read a review of the app on Google Play Store.

One of the adware-hiding apps
One of the adware-hiding apps

The second category of malicious apps on Play Store are joker apps, which are known for charging fraudulent charges on victims’ cellphone numbers by subscribing to premium services.

Two of the listed apps, “Water Reminder” and “Yoga – For Beginner to Advanced” are still on the Play Store and have 100,000 and 50,000 downloads respectively.

Two of the trojanized apps still in the Play Store
Two of the trojanized apps still in the Play Store

Both offer the functionality promised, but also perform malicious actions in the background, interact with invisible or blurry elements loaded via WebView, and charge users.

Finally, Dr. Web highlights two Facebook account thieves that are prevalent in image editing tools that apply cartoon filters to regular images.

These apps are YouToon – AI Cartoon Effect and Pista – Cartoon Photo Effect which together have been downloaded over 1.5 million times through Play Store.

Very popular image editor that is actually a Facebook stealer
Very popular image editor that is actually a Facebook stealer (Dr Web)

BleepingComputer has contacted Google about the malicious apps remaining in the Play Store, but has not yet received a response.

Stay safe on the Google Play Store

Android malware will always find a way to sneak into the Google Play Store, and sometimes apps can stay there for several months, so don’t trust any app blindly, don’t trust any app blindly.

That’s why it’s important to check user reviews and ratings, visit the developer’s website, read the privacy policy, and pay attention to the requested permissions during installation.

Also, always ask yourself if the promised functionality is necessary for you, as it is a reliable way to keep the number of apps on your phone to a minimum to reduce the chances of malware infections.

Finally, make sure Play Protect is active on your device and regularly monitor your internet data and battery usage to identify suspicious processes running in the background.

As mentioned above, users should also check if they have any of the following Android adware apps installed on their devices and if so, remove them manually and scan for viruses.

  • Image editing: beauty filter (gb.artfilter.tenvarnist)
  • Image editing: retouching & cropping (de.nineergysh.quickarttwo)
  • Photo Editor: Art Filters (gb.paint.moonlightingnine)
  • Photo Editor – Design Maker (gb.twentynine.redaktoridea)
  • Photo Editor & Background Eraser (photoground.twentysixshot)
  • Photo and Exif Editor (en.xnano.photoexifeditornine)
  • Photo Editor – Filter Effects (hitopgop.sixtyeightgx)
  • Photo Filters & Effects (en.sixtyonecollice.cameraroll)
  • Image editing: blur image (de.instgang.fiftyggfife)
  • Image editing: cut, paste (de.fiftyninecamera.rollredactor)
  • Emoji Keyboard: Stickers & GIF (gb.crazykey.sevenboard)
  • Neon Theme Keyboard (
  • Neon Theme – Android Keyboard (
  • Cashe Cleaner (
  • Failed charging (
  • FastCleaner: Cashe Cleaner (
  • Call Skins – Caller Themes (
  • Funny Caller (
  • CallMe Phone Themes (
  • InCall: Contact Background (
  • MyCall – Call Personalization (
  • Caller Theme (com.caller.theme.slow)
  • Caller theme (com.callertheme.firstref)
  • Funny Wallpapers – Live Screen (
  • 4K Backgrounds Auto Changer (en.andromo.ssfiftylivesixcc)
  • NewScrean: 4D Wallpapers (
  • Wallpapers & Backgrounds (stockeighty.onewallpapers)
  • Notes – Reminders and Lists (

Leave a Comment