Reading Time: 2 minutes

Google Play Store is housing a bunch of malicious Android apps that consist of malware and adware and have been installed nearly 10 million times on phones.

The apps have been camouflaged as photo editing tools, system optimizers, virtual keywords, wallpaper changers, and whatnot. Instead, they push intrusive ads, hack social media accounts, and subscribe victims to premium services.

These malicious apps were discovered by Dr. Web’s antivirus team. They shed light on these fake apps in a report that was published today.

Although Google has removed most of these apps, three apps are still on the Play Store which can be downloaded and installed by unsuspecting people.

In case you’ve installed any of these malicious apps, you must uninstall them from your device manually and run an AV scan to ensure nothing’s left of them.

According to Dr. Web these adware apps were modified versions of existing malicious apps which first appeared in May 2022 on the Google Play Store.

If you’re to install any one of these apps, they’ll request permission to run in the background and then automatically add themselves to the battery saver’s exclusion list to continue running even when you quit the app.


Furthermore, they keep their icons hidden by replacing them with something similar to a core system component such as a SIM Toolkit.



One of the most notable apps that’s still out there on the Play Store is ‘Neon Theme Keyboard’ that has over millions of downloads despite the numerous negative reviews and a rating of 1.8.

One user specifically vented:

“This app “killed” my phone. It keep’d crashing , i couldn’t even enter password to unlock phone and uninstall it. Eventually, I had to make a complete wipe out (factory reset), to regain phone. DO NOT install this app !!!!”

Another batch of malicious apps included Joker apps on the Play Store. Such apps are capable of charging victims’ mobile number with frauds by subscribing them to premium services without their knowledge.

Two of such apps are ‘Water Reminder’ and ‘Yoga – For Beginner to Advanced,’ having over 100k downloads.

Although the two perform the promised functionalities, apart from that they also continue to perform in the background with other elements using WebView and incurring charges on the hacked users.


Dr. Web highlighted two Facebook account stealers that distributed these image editing tools which include applying cartoonish filters on images.

The two apps are ‘Pista – Cartoon Photo Effect’ and ‘YouToon – AI Cartoon Effect.’ Both apps have been downloaded over 1.5 million times from the Play Store.

Android malware are quite persistent as they find one way or another to get onto the Google Play Store. Sometimes, the apps manage to stay there for several months before they’re taken down. That’s why you mustn’t download any app by trusting it blindly.

It is always wise to go over user ratings and reviews before downloading any app. Also, ensure the developer of the app looks legit and go over their privacy policy. You should also note the permissions being requested while downloading and installing the app.

In addition, you can always rethink before downloading an app if its functionalities are necessary for you. Keeping the number of apps on your phone to a minimum is one way to keep yourself safe from malware.

Another safety tip is that you should ensure your Play Protect is active and keep a vigilant eye on your data usage along with battery consumption in order to timely identify any suspicious activities running in the background on your phone.