(Credit: Inked Pixels/Shutterstock)

As you've probably heard before, there's no such thing as a free lunch. When a developer makes an app and gives it away, there's almost always a catch. Maybe they collect or even steal your personal data and sell it off to strangers. Maybe the app is full of ads. Sometimes, the ads themselves are part of a larger con known as click-fraud, and a new batch of nearly two dozen was spotted by respected digital security firm Sophos at the end of last week.

We reported just a few weeks ago on this phenomenon, as originally covered by BuzzFeed News, and it allegedly goes like this: A developer puts ads in their app and hires a shady company to fake clicks on those ads. The ad supplier, who is unaware of this arrangement, pays according to how many users click on those ads.

SEE: 5 online scams to avoid during 2018 holiday shopping

The shady company can simulate tens of thousands of users, and they've recently been able to fake what operating system the user has; iPhone and iPad users are perceived as premium customers because they statistically have more disposable income.

Even though this malware is on Android, the developer may have an iOS version of the app, so the advertiser may be led to believe that those fake clicks are coming from its iPhone or iPad customers.

Sophos has identified 22 specific Android apps that it believes are participating in this scheme. In alphabetical order, they are:

  • AK Blackjack
  • Animal Match
  • Box Stack
  • Cliff Diver
  • Color Tiles
  • HexaBlocks
  • HexaFall
  • Jelly Slice
  • Join Up
  • Just Flashlight
  • Magnifeye
  • Math Solver
  • Neon Pong
  • PairZap
  • Roulette Mania
  • ShapeSorter
  • Snake Attack
  • Space Rocket
  • Sparkle FlashLight
  • Table Soccer
  • Tak A Trip

If you find any of these apps on your device, uninstalling them should be enough to fix the problem. If you need a flashlight app, Android has actually had this tool built in for several years. For most users, you can find a shortcut to it just by dragging down from the top of the screen. You may also be able to activate it by saying, "Hey Google, turn on the flashlight."

FOLLOW Download.com on Twitter for all the latest app news.

For the person using one of these 22 apps, you won't even see the ads that are furiously being clicked on, because they open up in a hidden window. However, Sophos says that this behavior will consume excessive battery power either way, and it could cause overage charges if you're on a limited data plan.

The developers in question may tell you that they had no idea this was going on. And shady click-fraud suppliers may even point fingers at an alleged third party that was doing the actual dirty work. To hear BuzzFeed News tell it, this entire rogue's gallery may be part of a larger, coordinated effort. But the bottom line is that you need to be careful when an offer seems too good to be true.

Takeaways

  • Digital security firm Sophos has identified 22 Android apps on the Google Play Store which it believes to be part of a click-fraud scam.
  • The ads in these apps are hidden from the user, and fake clicks are simulated by the thousands. Advertisers pay according to the number of clicks, unaware that they're fake.
  • This type of click-fraud can drain your phone's battery and may trigger overage charges if you're on a limited data plan.

Also see

Tom McNamara is a Senior Editor for CNET's Download.com. He mainly covers Windows, mobile and desktop security, games, Google, streaming services, and social media. Tom was also an editor at Maximum PC and IGN, and his work has appeared on CNET, PC Gamer, MSN.com, and Salon.com. He's also unreasonably proud that he's kept the same phone for more than two years.