The newly discovered Android malware has been confirmed to have infected approximately 20 million users. This malware, called Clicker, was injected into the Google Play Store using 16 different malicious applications.
McAfee researchers have announced that this malware is disguised as a legitimate utility and targets his Android phone users.
- These tools include Flashlight (Torch), QR readers, Camera, Unit Converters, and Task Managers.
- At first glance, these apps may look like well-made Android software. However, they are hiding ad fraud features, equipped with remote configuration and Firebase Cloud Messaging (FCM) techniques.
- Once the user downloads and opens these applications, an HTTP request is sent to launch remote configurations, and eventually, the Clicker Android malware is downloaded.
Researchers highlight new Android malware designed to disrupt the mobile advertising ecosystem. Operators can generate revenue by displaying deceptive advertisements on victims’ devices.
Escalating Attacks Through Legitimate Apps
Attackers not only target utility apps, but also use social apps to steal users’ accounts and credentials.
- In one incident, a fake version of the popular WhatsApp chat messenger, dubbed YoWhatsApp, was found circulating on the internet. The fake version claimed to offer additional features such as customizing the interface and blocking access to individual chats. However, it was nothing similar to the original version and instead stole access keys for users’ accounts.
- In another case, Meta removed of over 400 malicious Android and iOS apps targeting Facebook users. The primary goal of these apps was to steal users’ login credentials.
Installing security software on your phone can prevent these mobile threats. Users must protect themselves from attacks by downloading apps from unofficial sources or using cracked software apps.