Problems with third-party apps are nothing new. Most of these are either set up for phishing in an attempt to get hold of the user’s data, or in various ways spin advertisements when the user of the device does not even suspect that their smartphone is now working for the benefit of the attackers.

This time, 16 applications came into the field of view of McAfee researchers. Interestingly, their total number of downloads is more than 20 million. At first glance, the usual applications of calculators, QR code scanners, flashlights, notes, etc., should hardly be doing anything else.

But this selection of applications in the background opened pages on the Internet and inflate the number of advertising clicks:

“Mainly, it is visiting websites which are delivered by FCM message and browsing them successively in the background while mimicking user’s behavior. This may cause heavy network traffic and consume power without user awareness during the time it generates profit for the threat actor behind this malware,” commented McAfee specialist Sang Ryol Ryu.

All found applications contained the com.liveposting library, which acted as an agent for actions hidden from the user, and another library,, was actually responsible for clicks on advertisements. So that the actions of the applications were not immediately noticed by the user, they had a delay of one hour after installation on the smartphone.

It is worth noting that some of these applications had a considerable number of downloads, which were measured in the hundreds of thousands, where the leaders even reached 5 and 10 million. The list of these applications is as follows:

16 apps with a total of more than 20 million downloads were removed from Google Play due to advertising fraud

A Google spokesperson said that all applications have been removed from Google Play. Also, thanks to Google Play Protect, they will be blocked on user devices.