Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Incident Response, TDR, Threat Management, Threat Intelligence, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Android/Clicker.G malware found in Google Play apps

Researchers found a series of malicious apps containing Android/Clicker.G on the Google Play store. The campaign targets mobile devices in Russia, but they affect apps that are available globally, according to an Intel Security blog post.

The applications do not immediately execute the malicious payload, but rather start to display unwanted advertisements six hours after the app was downloaded. The ads then redirect to webpages that download other threats to the device.

“One application loads a web view with content from different sources that could offer some value to the victim, gaining some credibility with users, wrote McAfee Labs mobile malware researcher Fernando Ruiz. “To appear legitimate, this threat does not immediately execute the malicious payload.”

The payloads, which are not encrypted, are executed after users download mobile apps that appear to be health care, sports, food, or gaming apps. Some of the malicious apps were installed on as many as 1,000 to 5,000 devices.

“China is the largest purveyor of mobile malware for Android. The underground cyber arms bizarres are teeming with activity in this area. The most dangerous of which are proximity capable exploits, Hank Thomas, COO at Strategic Cyber Ventures LLC, told via email. “The Chinese are essentially taking a page from masters of the game, the Russians.”

The apps were removed from the Google Play store after the malware was reported, McAfee stated. The malware was also found in other application marketplaces.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.