Cyber attacks come in many forms, some of which allow hackers to take control of your phone. Others steal personal information or sign you up for subscription services that are difficult to cancel. It’s not easy to tell if your phone has been hacked. Is someone watching everything you do? Tap or click here for some tips on diagnosing a hacked phone.
Last summer, we reported on hundreds of apps that have been removed from the Google Play Store and Apple’s App Store. And as we head into the fall, there’s no sign that things will change.
Cybersecurity researchers discovered about 90 malicious apps that had been downloaded more than 13 million times. We’ll show you how these dangerous apps work and how to avoid them.
This is not a game
A report from Satori Threat Intelligence and Research Team shows an alarming new crop of bad Android and iOS apps. These apps are an offshoot of the Poseidon ad fraud that the team first discovered in 2019.
This latest adaptation of Poseidon, called Scylla, uses new techniques and better protects the culprits behind the apps from discovery. The apps consist of games, but there is no fun to be had here.
Scylla’s weapon of choice is advertising fraud. These are the attack methods:
- App spoofing: Not only does the app fool the people who download it, but it also makes advertisers think it is a different type of application so that they place ads in it. For example, the malicious app pretends to be a very popular tool or pretends to be a streaming app to attract ad revenue. In this case, the Scylla apps contain code masquerading as other legitimate games.
- Out-of-Context Ads: Advertisements are shown unexpectedly, for example on your home screen. In Scylla’s case, apps can be activated by an action as simple as unlocking your phone.
- Hidden ads: These are ads that you won’t see, although the app counts them as “watched” so that the cyber criminals can earn more money from the companies that have placed the ads. The app tells ad platforms that it showed an ad to the user without ever actually doing it.
- False clicks: Advertisers place a high value on clicks, and the crooks know this. Code within the Scylla apps takes the information from your actual clicks (or taps, in the case of mobile phones) and passes that information on to advertisers as ad clicks.
The Satori team has worked closely with the Google Play Store and Apple App Store to ensure that all apps identified as part of the Scylla operation have been removed.
If you have any of the apps we’ve listed in the following tables, uninstall it now.
Remove these malicious apps from your iPhone
| Application name | File name |
| Loot the castle | com.loot.rcastle.fight.battle (id1602634568) |
| walkway | com.run.bridge.race (id1584737005) |
| Shining Gun | com.shinning.gun.ios (id1588037078) |
| Racing Legend 3D | com.racing.legend.like (id1589579456) |
| rope runner | com.rope.runner.family (id1614987707) |
| wood sculptor | com.wood.sculptor.cutter (id1603211466) |
| Firewall | com.fire.wall.poptit (id1540542924) |
| Ninja critical hit | wger.ninjacriticalhit.ios(id1514055403) |
| N/A | com.TonyRuns.game (N/A) |
Here’s how to remove an app from your iPhone:
- Tap and hold the app.
- Tap Delete App
- Tap Delete Appand then tap remove to confirm.
IMPORTANT: New iPhone and Android security features to enable
Remove these malicious apps from your Android phone
| Application name | File name |
| Super Hero-Save the World! | com.asuper.man.playmilk |
| Arrow Coins | com.arrow.coins.funny |
| parking master | com.ekfnv.docjfltc.parking.master |
| Lady Run | com.lady.dress.run.sexylady |
| Magic Brush 3D | com.magic.brush.gamesly |
| Shake Shake Sheep | com.shake.earn.sheep.causalgame |
| Number Combination: Colored Chips | com.yigegame.jyfsmnq.gg |
| Jackpot Scratcher-Win Real | com.physicswingsstudio.JackpotScrachers |
| Scratch Carnival | com.scratchers.jackpot.luckypiggy |
| Ztime: Earn Cash Rewards Easily | com.pocky.ztime |
| Billionaire Scratch | com.free.tickets.scratchers.Billionaire |
| Lucky Wings – Lotto Scratchers | com.free.scratchers.luckywings |
| Lucky Star: Lotto Scratch | com.free.tickets.scratchers.LuckyLotto |
| Shake Shake Pig | com.ldle.merge.free.coinspiggy |
| lucky money tree | com.ldle.merge.lucky.moneytree |
| Running and dancing | com.tick.run.and.dance |
| Lucky Scratchers: Lotto Card | com.lotto.bingo.lucky.scratch card |
| pull worm | com.pull.bugs.worm |
| Crowd Battle: Fight the bad guys | com.crowd.battle.goamy |
| Shoot Dummy – Win Rewards and Paypal Cash | com.shoot.dummy.fast.speed.linger |
| Find 10 differences | com.different.ten.spotgames |
| Find 5 Differences – New | com.find.five.subtle.differences.spot.new |
| dinosaur legend | com.huluwgames.dinosaur.legend.play |
| One line drawing | com.a.line.drawing.stroke.yuxi |
| Shoot Master | com.shooter.master.bullet.puzzle.huahong |
| Talent Trap – NEW | com.talent.trap.stop.everything |
| Shoot it: use gun | com.bullet.shoot.fight.gtommm.tom |
| Super Flake | com.chop.slice.flake2020 |
| five star slice | com.five.stars.slice |
| Sand Drawing | com.sand.drawing.newfight |
| Mr Dinosaur: Play your Dino | com.topggame.facego.finger.crazy.dino |
| Track slider New | com.track3d.sliding.new |
| Beat Kicker New | com.beat.kicker.two.game |
| Fill color 3D | com.cube.fill.color.paint.turn.fei |
| Live drawing | com.draw.live.milipop |
| Draw 1 trick | com.draw.one.line.stroke.xipi |
| fidget cubes | com.fidget.cubes.feel.like |
| girls fight | com.girls.fight.fly |
| Ninja assassin | com.knifeninja.assassin.dltc |
| Shooting Puzzle 2020 | com.my.bullet.shooting.man.hunter.youxi |
| Pulley Parkour | com.pul.parkour.bbroller |
| Chop Flake 3D | com.slice.chop.superslice3d |
| Weapon Fantasy | com.weapon.fantasy.games |
| Balloon Shooter | com.balloon.shooter.play |
| Musical recording | com.ltcmusical.fun2021 |
| Cut Paste | com.lvdiao.chop.slices.chef |
| Ninja Slice | com.slice.masked.games |
| Work now! | com.work.nu.sleep |
| bottle jump | com.bottle.jump.flip.challenge.fun |
| Corn Scraper | com.corn scraper.cut.pipe.siling |
| Inactive Woodmaker | com.idle.wood.maker.gametwo |
| Pop Girls Schooler | com.pop.girls.schooler |
| Romy Rush | com.romy.rushrun |
| spear hero | com.spear.super.man.hero |
| Dig away balls | com.dig.road.balls.play.games.ygygame |
| BOO Popstar | com.boostar.boo.popstar |
| Sign completeA | com.darwa.completea.ltca |
| Rush 2048 (3D Shoot Cubes) | com.rushcube.puzzle.block |
| Meet Camera | com.magicvcam.hdmeet.cam008 |
| Automatic Stamp Camera | com.stac.amper.qweaf |
| N/A | com.find.five.differences.lvye.xsl |
| N/A | com.mufc.zwxfb |
| Roll Turn | com.roll.turn.song.wusi.pt |
| Hide character | com.hiding.drawltc.games |
| Peter Shooting | com.ltc.peter.shoot.tslgame |
| Design and go | com.ltcdesign.nroad |
| Sign completed | com.ltcdraw.complete.fly |
| thief king | com.ltcking.thief.game.tsl |
| downhill race | com.downhill.race.redbull |
| Draw a war | com.draw.war.army |
| lifeguard | com.rescue.master.gear.mechanics.wushi |
| Rotate:Letter Roll | come.letter.roll.race |
| Helicopter Strike – NEW | com.helicopter.attack.shoot.sanba |
| Crush Car | com.crush.car.fly.delivery.lingjiu |
| Relx cash | com.tycmrelx.cash |
| War in painting | com.painting.war.inpaper |
| Extreme racing on the bike | com.bike.extreme.racing.bikegames |
| Player Spiral Maker 3D | com.player.spiral.maker.d3 |
| Match 3 tiles | com.blocks.tile.matching |
| 2048 Merge Cube – Win Money | com.cube.merge.shooter |
To remove an app from your Android phone, follow these steps:
- Open the Google Play Store app.
- Tap the in the top right Profile icon.
- Tap Manage apps and devices > To manage.
- Tap the name of the app you want to remove.
- Tap remove.
Tips to stay safe
- Enable Google Play Protect by going to Google Play Store > Profile > Play Protect > Settings and turn on Scan apps with Play Protect.
- Keep your phone up to date with the latest patches and fixes. We warn you about the ones on Komando.com. Tap or click here to try Kim’s free email newsletters to get the alerts straight to your inbox.
- Use two-factor authentication and password managers for better security. Tap or click here for details about 2FA.
- Only download apps from official app stores. Always go to the official source and double check that you are installing the correct app.
- Beware of apps that use a similar logo to other popular apps or have similar features. Also check reviews to see if others warn of suspicious activity.
- Watch out for permissions. Stay away if an app wants full access to your text messages or notifications.
- Get reliable antivirus software on all your devices. We recommend our sponsor TotalAV. Get an annual subscription of TotalAV Internet Security for just $19 at ProtectWithKim.com now. That’s over 85% off the regular price!
keep reading
Data-guzzling apps: these are the worst for your privacy
These 5 Malicious Chrome Extensions Have Been Installed 1.4 Million Times – Here’s How To Remove Them
0 Comments