This new malware will click on ads without you knowing. Malicious apps may have squeaked past your attention and hidden in your phone.
A McAfee blog post warned that the malware could drain your phone's battery and slow down hardware performance.
McAfee security experts identified the new threat as "clicker" malware that has managed to get into Google Play and cloaked itself as standard software.
Researchers at the security software company discovered the harmful code in applications such as QR readers, unit converters, cameras, task managers, and flashlights (torches).
Once the user opens the app, it will execute an HTTP request to download its remote configuration. With the download of the configuration, the app registers the Firebase Cloud Messaging or FCM listener to get push messages.
The remote configuration and FCM messages make the app capable of carrying out ad fraud: it clicks ads to generate revenue for the threat actor.
List of Apps Impacted
Here's the list of apps impacted by the malware:
- BusanBus (com.kmshack.BusanBus)
- EzDica (com.joysoft.ezdica)
- EzNotes (com.meek.tingboard)
- Currency Converter (com.smartwho.SmartCurrencyConverter)
- Flashlight+ (com.candlencom.candleprotest)
- Flashlight+ (kr.caramel.flash_plus)
- Flashlight+ (com.dev.imagevault)
- High-Speed Camera (com.hantor.CozyCamera)
- Joycode (com.joysoft.barcode)
- Instagram Profile Downloader (com.schedulezero.instapp)
- K-Dictionary (com.joysoft.wordBook)
- Quick Note (com.movinapp.quicknote)
- Smart Task Manager (com.james.SmartTaskManager)
Click And Maximize Ad Revenue
If advertisements are being clicked on your phone without you actually having clicked on them, that's the malware working. The goal is simple: maximize revenue on advertisements.
The threat actors who deployed the malware are making money from ad revenues.
McAfee said the malware might sound harmless, but it is actually causing "heavy network traffic and consuming power" without you knowing it.
Malware No Longer on Google Play
McAfee said a total of 16 apps previously on Google had been found to contain the malware.
The company estimated at least 20 million users have the malware on their Android phones.
McAfee had notified Google about its findings. These apps, the company said, are "no longer on Google Play" but remain active on some phones.
To protect your phone and your personal data as well, it is best for you to remove the app from your phone.
Successfully removing this malware can restore your battery life and reduce mobile data usage.
CAS And LivePosting
Researchers at McAfee said the threat consists of two pieces of code.
One is the "com.click.cas" library, which can make your phone automatically click on ads.
The other is the "com.liveposting" library, which acts as an agent and is responsible for hiding adware services.
Both libraries are present in some apps, while other versions have only "com.liveposting".
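The two library names above give defenders something to search for inside an APK. The following is an added example, not code from McAfee or from the article: it scans an APK's DEX files for class descriptors belonging to either library. It assumes the libraries keep their package names (a renamed or obfuscated build would not match); the function names are hypothetical and the sample archives are constructed.

```python
import io
import zipfile

# Library packages named in the article, as DEX type-descriptor prefixes.
# DEX stores class names as "Lcom/example/Name;", so the dotted package
# "com.click.cas" appears in the file as the bytes "Lcom/click/cas/".
CLICKER_LIBS = {
    "com.click.cas": b"Lcom/click/cas/",
    "com.liveposting": b"Lcom/liveposting/",
}


def scan_apk(apk):
    """Return the sorted names of clicker libraries whose class descriptors
    appear in any classes*.dex entry of the APK.

    `apk` is a path or a binary file object; zipfile.BadZipFile is raised
    if it is not a ZIP archive.
    """
    found = set()
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            # Primary and multidex code: classes.dex, classes2.dex, ...
            if not (name.startswith("classes") and name.endswith(".dex")):
                continue
            data = zf.read(name)
            for lib, marker in CLICKER_LIBS.items():
                if marker in data:
                    found.add(lib)
    return sorted(found)


def constructed_apk(dex_payloads):
    """Build an in-memory ZIP standing in for an APK (constructed sample,
    not a real app); each payload becomes one classes*.dex entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for i, payload in enumerate(dex_payloads, start=1):
            entry = "classes.dex" if i == 1 else f"classes{i}.dex"
            zf.writestr(entry, payload)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = constructed_apk([b"dex\n035\x00 Lcom/click/cas/A;",
                              b"dex\n035\x00 Lcom/liveposting/B;"])
    print(scan_apk(sample))
```

A hit on "com.liveposting" alone is still worth acting on, since the article notes that some versions ship only that library.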
To avoid detection by users, the clicker malware takes a random delay, the installation time, and user presence into account. That means it remains inactive during the first hour after installation. It also will not launch its malicious activities while the user is actively using the device.
McAfee said that mobile security could detect this malware and effectively remove the app.
To ensure full protection from this threat, users are advised to install security software.