Though some Android progams that were found to contain a clicker Trojan have been updated or deleted from Google Play, many of the 34 affected apps are still available for download.
A new malicious ‘clicker Trojan’ affecting Android apps has been detected and reported by security researchers. The malware was found in 34 different Google Play apps that have been downloaded 100m times by almost 52m users
The Android.Click.312.origin trojan, as well as its modified Android.Click.313.origin variant, is designed to generate fraudulent click-through and subscription revenue for its developers. In order to avoid raising suspicion, the module only starts working eight hours after a user launches the program containing it. The module can be installed in any kind of ordinary application such as dictionaries, online maps, audio players, barcode scanners and more.
Apps such as a text editor, an app that indicates Muslim prayer times, a pedometer, a PDF viewer and an app to see who has unfriended you on social media were just some of the programs found to contain malicious Trojans.
Once launched, the Trojan sends all manner of information from the infected device to the command and control server, such as time zone, operation system version, user’s country of residence, time zone, whatever data is present in the application that controls the Trojan, and more.
In some instances, the Trojan can not only advertise applications on Google Play but can secretly load websites, videos and other dubious content. According to the researchers, some users affected complained that they had been automatically subscribed to expensive content provider services.
The researchers notified Google about the malicious code and have said that some of the applications were swiftly deleted. Other apps were updated and had malicious content removed, but many still contained a malicious module and remained available for download.
Just last month, two other reports emerged regarding malware and ransomware affecting Android devices. A malware was discovered entitled ‘Agent Smith’, which replaces code on popular apps such as WhatsApp, Opera Mini and Flipkart, and installs its own malicious code.
Security researchers also recently discovered ransomware targeting Reddit users on Android devices. The ransomware is designed to trick users with links spread through porn-related topics, and some elements of the code’s encryption suggest it may be derived from the WannaCry ransomware.