Researchers found and reported two apps that remained available on Google Play for more than a year containing ad-clicking malware.
The notepad app Idea Note and fitness app Beauty Fitness were created by the developer Idea Master were in the store for more than a year being downloaded about 1.5 million times. Symantec Software Engineer May Ying Tee believes the apps stayed undiscovered for so long was their use of a legitimate packer, which complicated any attempt of a security pro to understand the Android Package Kit’s behavior.
Once the app is downloaded it posts a notification for the user to click. Once this is accomplished Toast is used to display an advertisement. However, unlike other similar scams the ad is not hidden, but displayed on the screen just outside the viewable area.
“This is done by first creating a Canvas outside the device’s viewable display such that, technically, the advertisements are drawn on the device. By using the translate() and dispatchDraw() methods (see Figure 4) the position of the drawings are beyond the device’s viewable screen area and the user is unable to see the advertisements on their device,” Tee wrote.
The malware then starts clicking on the displayed, but unseen, ad generating revenue.
The primary negative affect is draining the devices battery, data usage and slower performance do to the incessant clicking.
Once reported the apps were promptly removed by Google.