Sixteen Android apps downloaded more than 20 million times have been found to be infected with the new Clicker malware, which facilitates mobile ad fraud, reports The Hacker News.
Clicker malware impersonates camera, QR code converter, note-taking, currency/unit converter, and dictionary apps, with "High-Speed Camera" and "Smart Task Manager" being the most prevalent malicious apps, a report from McAfee revealed. Once installed and executed, the malicious apps trigger bogus website hopping and simulated ad clicks by the malware without the victims' knowledge.
Moreover, Clicker malware does not commence malicious activity within the first hour of the app's download and includes a randomized delay in an effort to remain stealthy.
"Clicker malware targets illicit advertising revenue and can disrupt the mobile advertising ecosystem. Malicious behavior is cleverly hidden from detection," said McAfee researcher SangRyol Ryu.
Google has already removed all of the reported malicious apps from its Play Store.
Vulnerable Apache NiFi implementations are being targeted in new attacks deploying the Kinsing cryptomining malware, as indicated by the significant increase in HTTP requests for "/nifi" on May 19, according to The Hacker News.
Numerous fraudulent websites masquerading as legitimate software, including ChatGPT, Gimp, AstraChat, and Go To Meeting, were used from December 2022 to April 2023 in a new RomCom malware campaign by Cuba ransomware affiliate Void Rabisu, also known as Tropical Scorpius, according to BleepingComputer. The campaign mostly targeted Eastern Europe.