A New Malware Discovered That Affected The 190 Android Apps On The Google Play Store
Google has deleted up to 190 applications affected with the malware from the Google Play Store after security researchers from Dr.Web contacted to the search giant about the issue.
Researchers pointed out the malware-affected apps towards the end of April, but only currently these apps have been deleted. Whereas the Russian security firm says that the apps contained a version of the recognized malware as Android.Click.95.
Malware remains six hours before initiating its malicious behavior.
According to the analysis of the security researchers the malware's mode of operation, Android. Just click and remains for six hours after the user installs it as a part of an affected app.
After passing the six hours, the malware effectively loads a URL in the browser of the user, which includes the scareware-like messages that tell the user about his system or his battery has problems or not.
To attach his issues, the user has to download another app. In these cases, they have noticed that Dr.Web researchers say that the malware transmitted the users back to the Google Play Store to download these second-stage apps.
However, Dr. Web researchers explained that "For each download, fraudsters receive interest under the terms of affiliate advertising agreements. It explains why Android.Click.95 is so much widespread—the cybercriminals try to make as much profit as they can from these downloads."
These messages to download the other apps that show in every two minutes. The method of frequently nuisance users with irritating popups that were also noticed in another Android trojan from Android Banker that was found by Avast which was also more destructive.
That is marked by McAfee as well.
This operation appears to be associated with the same apps that were discovered by McAfee last week, who distinguished the malware as Android/Clicker.G.
And the McAfee researchers said that the malware was exploding the users with ads as well as the notification of system updates attracting them to the malicious website where they were requested to the downloaded further apps, as an element of a comparable to the associated to the rewards program.
The researchers of Dr.Web discovered that all of the Google Play Store apps they have noticed with Android.Click came from six users: allnidiv, malnu3a, mulache, Lohari, Kisjhka, and PolkaPola. And all of these were apps that displayed daily horoscopes, dream-books, life advice, jokes as well as the similar useless applications.
At the time of scripting, Google has delisted all of the apps related to these accounts.