Nine fake Android apps from the Play Store have been downloaded 470,000 times masquerading as performance optimization tools. In reality, they had fraudulent access to users’ Google and Facebook accounts. This is what is revealed by Trend Micro, a Japanese company specializing in cybersecurity.

The firm has indeed published a post to report malware targeting Android users from the Play Store. The strategy applied here is quite pernicious. The malware in fact hides in applications with names such as “Speed ​​Clean” or “Super Clean”. In other words, the idea is to pretend to be a tool capable of optimizing the performance of your smartphone by cleaning it from certain superfluous files.

Here are the 9 infected Android apps

App Name Package No. of Installs Shoot Clean-Junk Cleaner,Phone Booster,CPU Cooler com.boost.cpu.shootcleaner 10,000+ Super Clean Lite- Booster, Clean&CPU Cooler com.boost.superclean.cpucool.lite 50,000+ Super Clean-Phone Booster,Junk Cleaner&CPU Cooler com.booster.supercleaner 100,000+ Quick Games-H5 Game Center com.h5games.center.quickgames 100,000+ Rocket Cleaner com.party.rocketcleaner 100,000+ Rocket Cleaner Lite com.party.rocketcleaner.lite 10,000+ Speed Clean-Phone Booster,Junk Cleaner&App Manager com.party.speedclean 100,000+ LinkWorldVPN com.linkworld.fast.free.vpn 1,000+ H5 gamebox com.games.h5gamebox 1,000+

Instead of carrying out this task, the applications concerned will instead go to download up to 3000 variants of malware on infected smartphones and, thanks to this, they will be able to access the Google and Facebook accounts of the victims to conduct fraudulent advertising practices. The false cleaning tools will, among other things, display advertisements from legitimate platforms such as Google AdMob or Facebook Audience Network and then simulate clicks on the advertisements.

Fake apps also prompt users to give them permissions while disabling Play Protect, the security program in the Google Play Store. This allows them to download more and more fraudulent software without being spotted.

Finally, they can also use accessibility options to post fake comments and ratings to the Play Store to attract others to download them.

The affected apps have been removed from the Play Store by Google, but it is expected that the malware will resume the attack with other fake apps. The most affected countries are Japan, Taiwan, the United States, Thailand and India.