Security Researchers Discover Clicker Malware In 16 Android Apps

Posted on October 23, 2022 at 6:49 PM

Security Researchers Discover Clicker Malware In 16 Android Apps

A recent report reveals that sixteen Android apps downloaded more than 20 million times are infected with the new Clicker malware. According to the report, the malware is being used for mobile ad fraud, as it is used to impersonate QR code converters, currency/unit converters, note-taking, and dictionary apps.

Once the malicious app is installed and executed, it leads to the simulation of ad clicks by the malware without the victim’s knowledge. Additionally, Clicker malware starts its activities one hour after it has been downloaded to conceal its real intentions and stay under the radar.

Cybersecurity researcher at McAfree, SangRyol Ryu, commented on the discovery.”Clicker malware targets illicit advertising revenue and can disrupt the mobile advertising ecosystem”, he said, adding that the activities of the malware are completely under the radar.

Clicker apps are a special type of adware that loads ads in backgrounds or invisible frames and clicks them to generate revenue for their operators. The impact on the device may include increased battery usage, overheating, a reduction in performance, as well as inflated mobile data charges.

DxClean Has Been Downloaded Over 5 Million Times

The leader of the bunch is DxClean, which has been installed more than 5 million times before it was discovered and removed. Surprisingly, the app had a positive user rating of 4.1 out of 5 stars.

DxClean serves as a system cleaner and optimizer. According to its service description, it discovers the causes of system shutdowns and stops advertisement annoyances. However, in the real sense, it does the exact opposite of its supposed function in the background.

The Malware Mimics Users’ Behavior

After the launch, the apps download their configuration through a remote location at the HTTP request. It then registers a Firebase Cloud Message (FCM) listener to receive the push messages. These contain instructions for the clickers, including the parameters to use and the functions to call.

When certain conditions are met with an FCM message, the Clickers apps start working on the installed device. It performs a lot of functions, including visiting sites and browsing them in the background while mimicking the users’ behavior. ‘com.liveposting’ manages the hidden adware while the ‘click.cas’ component handles the auto-clicking function.

Summary
Security Researchers Discover Clicker Malware In 16 Android Apps
Article Name
Security Researchers Discover Clicker Malware In 16 Android Apps
Description
The apps have been downloaded more than 20 million times. One of the apps, DxClean, has been downloaded more than 5 million times. The malware stays under the radar to perform various mimicking functions.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Aug 17, 2023
Hackers Are Hiding Malware Within Legitimate Services Such As Slack And Trello
Aug 16, 2023
Info-Stealing Malware Exposes More Than 100,000 Hacking Forums  
Koddos

Newsletter

Get the latest stories straight
into your inbox!

Popular Articles

Oct 29, 2024
Recruitment Announcement: B2B Sales Representatives and Business Introducers
Oct 28, 2024
⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃
Oct 25, 2024
Understanding and Preventing DDoS Attacks with KoDDoS
Oct 22, 2024
Special Halloween Offer: 10% Off All Hosting and DDoS Protection Services! 🎃
Oct 17, 2024
Celebrate Halloween with an Exclusive 10% Discount from KoDDoS! 🎃

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading