Android adware apps in Google Play downloaded over 20 million times

Security researchers at McAfee have discovered a set of 16 malicious clicker apps that managed to sneak into Google Play, the official app store for Android.

Clicker apps are a special category of adware that loads ads in invisible frames or in the background and clicks them to generate revenue for their operators.

The effect on the device may be a drop in performance, overheating, increased battery usage, and inflated mobile data charges.

All 16 apps have been removed from Google Play after McAfee reported them. However, they still amassed an install count of 20 million.

Some of the clicker apps discovered (McAfee)

The nastiest of the bunch is DxClean, which was installed five million times before being removed. It had a relatively positive overall user rating of 4.1 out of 5 stars.

DxClean was downloaded 5 million times (McAfee)

DxClean posed as a system cleaner and optimizer, promising to detect causes of system slowdowns and stop advertisement annoyances while performing the exact opposite actions in the background.

Clicker app functions

After launch, the apps download their configuration from a remote location via an HTTP request and register an FCM (Firebase Cloud Messaging) listener to receive push messages.

These messages contain instructions for the clickers, such as which functions to call and what parameters to use.

“When an FCM message receives and meets some condition, the latent function starts working,” McAfee explains in the report.

“Mainly, it is visiting websites which are delivered by FCM message and browsing them successively in the background while mimicking user’s behavior,” the researchers add.

Network traffic to collect info for the auto-clicks (McAfee)

The auto-clicking function is handled by the ‘click.cas’ component, while the agent managing the hidden adware services is ‘com.liveposting’.

The two libraries supporting the clickers’ operation (McAfee)

McAfee analysts say that the liveposting SDK can operate on its own, too, possibly to create only ad impressions, but recent versions of the apps feature both libraries.

The victim never interacts with the opened websites and is unlikely to realize the underground processes that generate profit for the remote operators.

To stay below the user’s radar, the malicious operation does not begin in the first hour after installing the app, and it delays its start when the user is actively using the device.

To discover whether apps of this kind are present on the device, users should check battery and internet usage. If the system stayed unused for a period, there is no justification for higher battery drainage and increased mobile data consumption.
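The idle-usage check described above can be automated over per-app usage records. The following is an added example, not code from McAfee's report or from this article: it flags apps whose mobile traffic is concentrated in intervals when the device was not in use. The record format, thresholds and package names are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    package: str        # app package name
    device_idle: bool   # True if the screen stayed off for the whole interval
    mobile_bytes: int   # mobile data the app transferred in the interval
    battery_mah: float  # battery the app drew in the interval

# Assumed thresholds; tune them against your own devices' baseline.
IDLE_BYTES_LIMIT = 5_000_000   # 5 MB of mobile data while the device is idle
IDLE_SHARE_LIMIT = 0.5         # at least half of the app's traffic happens while idle

def flag_idle_consumers(samples):
    """Return {package: (idle_bytes, idle_share, idle_mah)} for apps whose
    traffic is concentrated in periods when nobody was using the device."""
    total = defaultdict(int)
    idle_bytes = defaultdict(int)
    idle_mah = defaultdict(float)
    for s in samples:
        total[s.package] += s.mobile_bytes
        if s.device_idle:
            idle_bytes[s.package] += s.mobile_bytes
            idle_mah[s.package] += s.battery_mah
    flagged = {}
    for pkg, idle in idle_bytes.items():
        share = idle / total[pkg] if total[pkg] else 0.0
        if idle >= IDLE_BYTES_LIMIT and share >= IDLE_SHARE_LIMIT:
            flagged[pkg] = (idle, round(share, 2), round(idle_mah[pkg], 1))
    return flagged

# Constructed samples (hypothetical package names, hourly intervals).
SAMPLES = [
    Sample("com.example.cleaner", False, 300_000, 4.0),
    Sample("com.example.cleaner", True, 6_200_000, 21.5),
    Sample("com.example.cleaner", True, 5_900_000, 19.0),
    Sample("com.example.video", False, 80_000_000, 60.0),
    Sample("com.example.video", True, 150_000, 0.5),
    Sample("com.example.mail", True, 400_000, 1.2),
    Sample("com.example.mail", False, 900_000, 2.0),
]

if __name__ == "__main__":
    for pkg, (b, share, mah) in flag_idle_consumers(SAMPLES).items():
        print(f"{pkg}: {b} bytes while idle ({share:.0%} of its traffic), {mah} mAh")
```

Heavy foreground users such as the video app are not flagged, because the check looks at where the traffic falls rather than at the total volume.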

For the complete list of the 16 clicker apps, check out the indicators of compromise section at the bottom of McAfee’s report.

Copyright 2021 Associated Press. All rights reserved.

Source: https://www.bleepingcomputer.com/news/security/android-adware-apps-in-google-play-downloaded-over-20-million-times/
