“Clicker” Malware found in Android Apps were Downloaded over 20 Million Times

“Clicker” Malware found in Android Apps were Downloaded over 20 Million Times

16 Apps with malicious intent were removed from the Google Play Store after they were caught committing mobile ad fraud. Before being taken down, the apps calculated over 20 Million cumulative downloads.

The malicious malware known as “Clicker” malware, disguised itself as seemingly harmless utilities like cameras, currency converters, QR code readers and more.

The list of malicious apps that were removed from the play store include:

  • High-Speed Camera (com.hantor.CozyCamera) - 10,000,000+ downloads

  • Smart Task Manager (com.james.SmartTaskManager) - 5,000,000+ downloads

  • Flashlight+ (kr.caramel.flash_plus) - 1,000,000+ downloads

  • 달력메모장 (com.smh.memocalendar) - 1,000,000+ downloads

  • K-Dictionary (com.joysoft.wordBook) - 1,000,000+ downloads

  • BusanBus (com.kmshack.BusanBus) - 1,000,000+ downloads

  • Flashlight+ (com.candlencom.candleprotest) - 500,000+ downloads

  • Quick Note (com.movinapp.quicknote) - 500,000+ downloads

  • Currency Converter (com.smartwho.SmartCurrencyConverter) - 500,000+ downloads

  • Joycode (com.joysoft.barcode) - 100,000+ downloads

  • EzDica (com.joysoft.ezdica) - 100,000+ downloads

  • Instagram Profile Downloader (com.schedulezero.instapp) - 100,000+ downloads

  • Ez Notes (com.meek.tingboard) - 100,000+ downloads

  • 손전등 (com.candlencom.flashlite) - 1,000+ downloads

  • 계산기 (com.doubleline.calcul) - 100+ downloads

  • Flashlight+ (com.dev.imagevault) - 100+ downloads

Once the Clicker malware is installed and launched, it begins to covertly visit bogus websites to simulate ad clicks without the victims’ knowledge.

“This may cause heavy network traffic and consume power without user awareness during the time it generates profit for the threat actor behind this malware,” according to SangRyol Ryu, a McAfee researcher.

To conceal itself, Clicker will not start operating within the first hour of installation. To stay under the radar, it will also work on a randomized delay.

The discovery of these malicious apps comes two months after McAfee discovered a dozen Android adware apps on the Google Play Store that had a strain of malware called HiddenAds, which also operated without any user interaction.

“Clicker malware targets illicit advertising revenue and can disrupt the mobile advertising ecosystem,” Ryu said. “Malicious behavior is cleverly hidden from detection.”

 

Story via The Hacker News

Poorly Protected Healthcare VPN Servers the latest Ransomware Target

Poorly Protected Healthcare VPN Servers the latest Ransomware Target

Passkey Support is being tested by Google on Chrome and Android Devices

Passkey Support is being tested by Google on Chrome and Android Devices