PSA: Security researchers have recently uncovered more than two dozen Android malware apps that have become popular on the Google Play Store. They masquerade as harmless tools, secretly tracking users and stealing their information. Google has removed most of them, but they probably remain installed on many devices.

- Advertisement -

Dr.Web security group this week published in its June 2022 Mobile Virus Activity Report, which describes about 30 popular Android apps containing Trojans, adware, spyware, and other malware. Some have had hundreds of thousands or even millions of downloads from the Google Play Store.

- Advertisement -

Malicious apps are mainly photo editors, theme tweakers, and wallpaper apps. The list also included an emoji keyboard and a note-taking app that hides malware in its code.

Once users install them, they will display intrusive ads, deceive customers and get information from devices, hiding themselves from users. One is specifically designed for WhatsApp messages. Another steals information from other app notifications, downloads additional software, or prompts users to install other apps.

- Advertisement -

Others are even more vicious, including one that secretly takes videos and photos. Another allows hackers to read device texts, track its location, view browser history, turn on the microphone, log keystrokes, and access other data.

Dr. Web also describes malware that steals information to hack into Facebook accounts. They can ask victims to enter authentic Facebook login requests before intercepting the input. Another type of malware hiding in rogue apps downloads and runs arbitrary code that secretly enrolls users into paid subscriptions.

Some apps provide their advertised features by hacking users under the hood. However, others are completely fake, such as fake dating services that ask for personal information and a subscription fee to continue fake chats.

Some of the malware consists of adware that displays annoying ads. They show various notifications and load full-screen ads that completely block other applications.

Once downloaded, these rogue apps may request various permissions, allowing them to surreptitiously track users and steal data. These include hints for running continuously in the background, displaying on top of other apps, or turning off recording notifications. Applications can also replace their original main menu icons with less visible ones so they can be hidden.

Google removed almost all affected apps after Dr. Web notified the company, but some of them are still in the Play Store. Dr.Web publicly published full list bad apples (example below). If you have installed them, you must manually find them, remove them, and then run a virus scan.

  • Photo editor: retouch and cut (de.nineergysh.quickarttwo)
  • Photo Editor: Art Filters (gb.painnt.moonlightingnine)
  • Photo editor and background eraser (de.photoground.twentysixshot)
  • Photo editor and Exif (de.xnano.photoexifeditornine)
  • Photo Editor – Filter Effects (de.hitopgop.sixtyeightgx)
  • Emoji Keyboard: Stickers & GIFs (gb.crazykey.sevenboard)
  • Neon Theme – Android Keyboard (
  • Fancy Charging (
  • FastCleaner: Checkout Cleaner (
  • Call Skins – Caller Themes (
  • Funny Caller (