Researchers found a clicker Trojan bundled with over 33 apps distributed through the Google Play Store and downloaded by Android users over 100 million times.
The malware was designed as a malicious module added to seemingly harmless applications such as audio players, barcode scanners, dictionaries, and a host of other various types of ordinary software most people would install on their Android devices.
These apps were fully functional as Doctor Web researchers found and didn't show any warning signs within their interface, while also not exhibiting any of the weird behavior most malicious applications display like hiding their icon after installation or requesting way too many permissions compared to the tasks they were designed to perform.
Clicker Trojans are a type of malware designed to stay active in the memory of infected devices and perform various ad fraud-related tasks in the background such as opening web pages without the victim's knowledge.
Subscribes victims to premium services
The clicker Trojan dubbed by the researchers Android.Click.312.origin would only activate 8 hours after the apps that contained were launched to evade detection.
Subsequently, another variant was also found while analyzing this malicious campaign, which got named Android.Click.312.origin.
After launching on one of the compromised Android devices, the malware would immediately start collecting system information such as:
• the OS version,• the device's manufacturer and model,• the user's country of residence,• the internet connection type,• the user's time zone,• and info on the app with the clicker Trojan module
All this information and more is packed and sent to the malwa ..