Eight Android apps with more than 2 billion downloads in the Google Play store have been engaging in fraudulent ad practices, BuzzFeed News reported today. Seven of the apps are owned by Cheetah Mobile, a publicly-traded Chinese company, and one app is owned by Kika Tech, a Chinese company headquartered in Silicon Valley. The two companies have been found to abuse app permissions in order to monitor new downloads and hijack app-install bounties that could range in the millions of dollars, according to app analytics firm Kochava.

While the scheme involved monitoring users’ behavior, it was ultimately used to rip off app developers, who pay a fee to partners when they drive users to install new apps. In a normal installation process, downloaded apps will check which link or ad the user clicked on to see where to attribute the download. These apps would reportedly monitor for new downloads, then claim credit for the installation regardless of where the last click came from or which publisher served the ad. In some cases, Cheetah Mobile’s apps were programmed to launch the newly downloaded apps themselves in order to get credit for the installation, according to the report.

The Cheetah Mobile apps suspected of engaging in ad fraud are Clean Master, CM File Manager, CM Launcher 3D, Security Master, Battery Doctor, CM Locker, and Cheetah Keyboard, several of which have been downloaded millions of times, and even promoted by Google Play as “go-to apps.” Cheetah Mobile, which already has a reputation for making crapware that are given identical names to popular apps in order to trick users into downloading them, has also faced allegations of fabricating its traffic and revenue numbers and buying user reviews.

Cheetah mobile has a long, long history of sketchy practices

Kika Tech’s Keka Keyboard app was also found to have employ similar tactics to claim referral credits. The keyboard required users to give permission for it to read what was being typed, then monitored for install bounties for apps based on what the user searched. Though both app makers have denied the allegations, suggesting third-party SDKs to be behind the click injections, the claim was disputed by Kochava, which discovered that only the companies’ proprietary SDKs were engaged in the fraudulent practices.

Today’s findings are just the latest in a recent string of Google Play ad fraud, as an October BuzzFeed News report found that over 125 Android apps were drawn into a massive fraud scheme that saw over $10 million stolen from fake views from advertisers. The report led to Google removing many of the apps from the Play store, and just last week, the company pulled 13 apps containing malware that were downloaded half a million times. Google told BuzzFeed News that it’s still investigating Cheetah Mobile and Kika Tech, but hopefully the company will continue its streak of pulling the plug on fraudulent app makers.

Update 11/27/18 12:42pm ET: Two of Cheetah Mobile’s apps, Battery Doctor and CM Locker, have been removed from the Play store. Google has yet to respond to a request for comment.