- Feb 4, 2016
- 2,520
The developer(s) of an Android adware family named GhostClicker has managed to sneak his malware on the official Google Play Store on several occasions, hiding it in as much as 340 mundane Android apps.
There have been so many cases of Android adware making it on the Google Play Store that it's getting harder to keep track of all the adware families. Previous cases include Chamois, FalseGuide, HummingBad, Viking Horde, DressCode, CallJam, and Skinner. , just to name the biggest.
All show a trend and weakness in Google's Play Store security checks that malware devs are exploiting to push adware to unsuspecting users.
The secret of sneaking malware past Google is to split malicious behavior across several components, delay its execution, and use anti-sandboxing checks to prevent execution in obvious testing environments.
GhostClicker taps on ads, shows popups
As the name suggests, GhostClicker taps on ads for the adware operator's profit. It doesn't tap on any ads, but only those served via Google's AdMob platform. Other Android adware like Skyfin and Mapin also used the AdMob platform to boost their profits.
As a secondary method of earning money, GhostClicker also participates in traffic redirection affiliate schemes by showing popups and ads over other apps, trying to redirect users to various pages, such as YouTube links, the Play Store pages of other apps, and more.
Overall, GhostClicker was obviously developed for monetary profit alone, with no support for stealing a user's personal data.
101 of 340 infected apps still available on the Play Store
Trend Micro says it found GhostClicker in mundane apps such as app cleaners, memory boosters, file managers, QR and barcode scanners, multimedia recorders, multimedia players, battery chargers, and GPS navigation apps.
Most victims infected with GhostClicker were from Southeast Asian countries. One of the apps infected with GhostClicker was downloaded by more than five million users.
Experts reported all the 340 infected apps to Google, but 101 of these were still available in the Play Store on August 7.