‘70 Million Downloads’—Delete Every App That’s On This List
You have been warned — these apps are fake
Google has deleted hundreds more “fraudulent; apps that were “quietly flooding Play Store.” Those apps amassed more than “70 million downloads,” and so it’s critical you delete them from your phones as well to prevent any more damage.
This latest report comes courtesy of IAS Threat Lab researchers, and they have dubbed the attack “Mirage.” It follows on from the team’s discovery in May that “as many as 2.5 million dangerous apps were being installed each and every month.”
Just as with those “Vapor” attacks, the newer “Mirage” campaign centers on delivering “aggressive, out-of-context ads to millions of unsuspecting users.” The attack is enabled by “sophisticated cloaking techniques, bot-driven fake installs, and a sprawling network of recycled developer accounts.” It’s an industry generating millions of dollars.
As I warned earlier this month, while ad fraud itself is painful rather than dangerous, once this malware tricks its way onto your phone it can morph into other purposes. Attackers fork such software to deliver more nefarious objectives, including credential theft, data exfiltration and even spyware.
IAS says the “Vapor” fraud scheme demonstrates fraudsters’ persistent ability to adapt and evade app store safeguards.” The team “uncovered almost 300 app IDs linked to the Mirage operation, which collectively garnered more than 70 million downloads, despite providing users with no genuine functionality.”
All of the apps identified have been removed from Play Store, and Google Play Protect should warn you if one is running your device and disable its features. But the best advice is always to manually delete any apps flagged in this way.
Examples of fake apps.
That’s easier said than done though. Here’s the list of fraudulent apps. It’s extensive. The better plan is to root through your phone and delete trivial apps you no longer use — or more likely never used. You should also scan the list and see if you recognize any.
Every app on this list is vacuous and pointless. “Mirage reflects how these apps present the illusion of utility,” IAS says, “appearing useful on the surface, but offering nothing real underneath. Like a mirage, the promise vanishes the moment users engage.”
If your phone is infected you should know that. “Ads begin popping up aggressively, often independent of any user action. These ads appear when they shouldn’t. For instance, launching in the middle of unrelated apps or when the device should be idle.” That means “screens hijacked by endless advertising.”
The ads generate a return to the developers behind the malware, as they report the ads as genuine to advertisers who don’t know their content has been abused in this way.
And if you are hunting for trivial apps — PDF readers or phone cleaners for example, these apps are adept at ranking highly on Play Store lists. “Almost every Mirage linked app investigated showed an unnaturally rapid rise in download count, especially in its first few weeks. IAS researchers observed that many of these apps launched with a flood of installs that appear to come from bots or coordinated install farms.”
IAS says it “worked in close partnership with Google to neutralize the Mirage operation. After correlating anomalous traffic patterns and confirming the ad‑fraud mechanics in late May 2025, IAS shared actionable intelligence with Google’s Play Store team.”