Recently, researchers at Sophos, a professional IT security and protection company, have once again discovered malware that downloads files without the user’s permission and eventually exhausts the phone’s power. So far, 22 malware have been removed from the Google Play store.

These Android apps are disguised as legitimate software and even provide users with some useful features in some cases. Among them, a flashlight application called Sparkle is most popular among users and its downloads have reached more than 1 million times.

According to Sophos’ IT security researchers, the Sparkle flashlight app has been updated since March of this year and the new app includes a hidden file downloader. It works without the user’s knowledge, can download files from an external server without the user’s permission and can force users to click on hidden ad links to generate revenue for the criminals behind the attack.

Sophos categorizes malware in the app as “Andr-Clickr-ad” – even if the user forces the app to close, they will automatically run on the user’s phone. Because these applications are constantly processing the information that is automatically sent, the battery power is quickly drawn out, and long-term operation will seriously impair the endurance of the user’s mobile phone and shorten the battery life.

In the end, these apps have brought real profits to cybercriminals with the help of advertising and they have also caused great harm to users. On November 25th, Google removed all 22 apps from the Play Store, but it’s unclear whether they were removed remotely from the mobile device on which they were installed.

Below is a complete list of these 22 apps. If you have these apps installed on your phone, please delete them now:

In 2014, a threat assessment report showed that the top ten search keywords in the Play Store were “flashlights” and the number of keyword-related apps downloaded was amazing, but the software was far more functional than The basic requirements of the flashlight app.

In addition, the report also emphasizes that a large part of these applications have been stealing personal data stored by users on smartphones.

Tripwire’s chief technology officer, Dwyane Melanson, said: “Before causing actual losses, users often say that these functional software are brought from game stores or third-party platforms. They just meet some of the user’s use. Demand and for the so-called security warnings, choose to turn a blind eye. They don’t realize that the authors of these applications may be an unknown, untrusted organization.”

This is not the first time a game or app on the Play Store has been infected with malware and is being used for profit.

Prior to this, Android malware BankBot successfully infected more than 160 legitimate applications in the Google App Store, and its new variants mainly targeted 27 national banking institutions to launch attacks, including 10 victim organizations from the UAE.

On the Android platform, it seems that the “stage” for these malware has been built, which seems to be inextricably linked to the open and compatible platform attributes of the Android system.

In fact, today, with various advertisements and prompt information flooding the information platform, users have become numb to the “warning to not download applications from unknown or trusted sources.”

Brigham Young University research team has done such an experiment: 200 participants wear the brain activity sensor and operate the mobile phone. When the screen pops up the relevant information prompt, the sensor records the activity state of the cerebral cortex at this time and infers the participants

People will ignore software safety warnings in 90% of cases. Among them, 74% of people will choose to ignore after seeing the safety warning; 87% will ignore the warning when they enter the confirmation code.

The report shows that almost all participants have classified security warnings into the same category, because the fact that the information jumps out itself has an impact on what the current user is doing, even if it is simply watching the video.

After the incident, Google officially posted on Twitter calling on mobile phone users to pay attention to security warnings from the operating system and be alert to third-party applications.