Google has removed these dangerous apps from its play store. However, according to Bitdefender’s report, 15 apps were still available by the end of research. Vapor Operation is a fraud campaign run by cyber criminals. Initially, it consisted of 180 apps, producing 200 million fake advertising requests every day.
Now this number has reached 331 apps, which are spread over a category like Health Trackers, QR Scanners, Notes Apps, and Battery Optimizers. These apps include Aquatracker, Clicksave Downloader, and Scan Hawk which have been downloaded over 1 million.
At the same time, Translatescan and Beatwatch apps are also included which have received 1 lakh to 5 lakh downloads. These apps were uploaded on Google Play Store between October 2024 to March 2025.
These apps were the most downloaded in Brazil, America, Mexico, Türkiye and South Korea. Even in countries like India, this technical information became a big threat to users keeping low.
In the beginning, these apps used to work just like advertising apps. Later, a dangerous code was sent from the command-end-control (C2) server through the updates. After installing, these apps disappeared their icon from the home screen to hide themselves.
Some apps changed their names to look like reliable apps like Google Voice. Once installed, these apps used to activate without any user interaction. By showing full-screen advertisement, they used to hang the phone. Used to steal information about Facebook, YouTube, and payment gateway by creating a fake login page.
Some apps showed false alerts that “your phone is infected with virus”, so that users are forced to download more malware. Many users complained that they got stuck in the ad loop, where they were redirected on the fake website when any button was pressed. Many apps were designed to steal bank details and passwords of users.
Published at: 23 Mar 2025 10:53 AM (IST)
