Researchers found a series of malicious apps containing Android/Clicker.G on the Google Play store. The campaign targets mobile devices in Russia, but the affected apps are available globally, according to an Intel Security blog post.
The applications do not immediately execute the malicious payload, but rather start to display unwanted advertisements six hours after the app was downloaded. The ads then redirect to webpages that download other threats to the device.
“One application loads a web view with content from different sources that could offer some value to the victim, gaining some credibility with users,” wrote McAfee Labs mobile malware researcher Fernando Ruiz. “To appear legitimate, this threat does not immediately execute the malicious payload.”
The payloads, which are not encrypted, are executed after users download mobile apps that appear to be health care, sports, food, or gaming apps. Some of the malicious apps were installed on as many as 1,000 to 5,000 devices.
“China is the largest purveyor of mobile malware for Android. The underground cyber arms bazaars are teeming with activity in this area. The most dangerous of which are proximity capable exploits,” Hank Thomas, COO at Strategic Cyber Ventures LLC, told SCMagazine.com via email. “The Chinese are essentially taking a page from masters of the game, the Russians.”
The apps were removed from the Google Play store after the malware was reported, McAfee stated. The malware was also found in other application marketplaces.