Are you an Android user? If so, you need to know about this new malware
A new malicious “clicker trojan” present in 34 different Google Play apps that have been downloaded 100m times by almost 52m users has been detected and reported by security researchers.
The Android.Click.312.origin trojan, as well as its modified Android.Click.313.origin variant, is designed to generate fraudulent click-through and subscription revenue for its developers. In order to avoid raising suspicion, the module only starts working 8 hours after a user launches the program containing it. The module can be installed in any kind of ordinary application such as dictionaries, online maps, audio players, barcode scanners and more.
Apps such as “Notepad Text Editor”, an app which indicates Muslim prayer times, a pedometer a PDF viewer and an app to see who has unfriended you on social media were just some of the programs found to contain malicious trojans.
Once launched, the Trojan sends all manner of information from the infected device to the C&C server such as time zone, operation system version, user’s country of residence, time zone, whatever data is present in the application that controls the trojan and more.
In some instances, the trojan can not only advertise applications on Google Play but can secretly load websites, videos and other dubious content.
According to the researchers, some users affected complained that they had been automatically subscribed to expensive content provider services.
The researchers notified Google about the malicious code and have said that some of the applications were swiftly deleted. Other apps were updated and had malicious content removed.
“However, at the time of this publication, most applications still contained a malicious module and remained available for download,” the report on the malicious programs explains.
Just last month, two other reports emerged to malware and ransomware affecting Android devices. A malware entitled “Agent Smith” that replaces code on popular apps such as WhatsApp, Opera Mini and Flipkart and installs its own malicious code.
Security researchers also recently discovered ransomware targeted Reddit users on Android devices. The ransomware is designed to trick users with links spread through porn-related topics, and some elements of the code’s encryption suggest it may be derived from the WannaCry ransomware.