Privacy News Auto-Clicking Android Adware Found in 340 Apps on the Google Play Store

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
The developer(s) of an Android adware family named GhostClicker has managed to sneak his malware on the official Google Play Store on several occasions, hiding it in as much as 340 mundane Android apps.

There have been so many cases of Android adware making it on the Google Play Store that it's getting harder to keep track of all the adware families. Previous cases include Chamois, FalseGuide, HummingBad, Viking Horde, DressCode, CallJam, and Skinner. , just to name the biggest.

All show a trend and weakness in Google's Play Store security checks that malware devs are exploiting to push adware to unsuspecting users.

The secret of sneaking malware past Google is to split malicious behavior across several components, delay its execution, and use anti-sandboxing checks to prevent execution in obvious testing environments.
Click to expand...

GhostClicker taps on ads, shows popups

As the name suggests, GhostClicker taps on ads for the adware operator's profit. It doesn't tap on any ads, but only those served via Google's AdMob platform. Other Android adware like Skyfin and Mapin also used the AdMob platform to boost their profits.


As a secondary method of earning money, GhostClicker also participates in traffic redirection affiliate schemes by showing popups and ads over other apps, trying to redirect users to various pages, such as YouTube links, the Play Store pages of other apps, and more.


Overall, GhostClicker was obviously developed for monetary profit alone, with no support for stealing a user's personal data.
Click to expand...

101 of 340 infected apps still available on the Play Store

Trend Micro says it found GhostClicker in mundane apps such as app cleaners, memory boosters, file managers, QR and barcode scanners, multimedia recorders, multimedia players, battery chargers, and GPS navigation apps.


Most victims infected with GhostClicker were from Southeast Asian countries. One of the apps infected with GhostClicker was downloaded by more than five million users.


Experts reported all the 340 infected apps to Google, but 101 of these were still available in the Play Store on August 7.
Click to expand...
 
  • Like
Reactions: silversurfer, Adventure and ispx
You must log in or register to reply here.

Similar threads

CyberTech
    • Like
    • +Reputation
Android adware apps on Google Play amass two million installs
Replies
0
Views
697
News Archive
CyberTech
CyberTech
Gandalf_The_Grey
    • Like
    • +Reputation
'Evil Telegram' Android apps on Google Play infected 60K with spyware
Replies
5
Views
1,977
News Archive
TairikuOkami
TairikuOkami
Gandalf_The_Grey
    • Like
    • +Reputation
    • Wow
Trojanized Signal and Telegram apps on Google Play and Samsung Galaxy Store delivered spyware
Replies
7
Views
1,296
News Archive
cartaphilus
cartaphilus

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top