Thousands of Android devices hit with ad-clicking bot malware

A new malicious Android app has infected at least 60,000 devices, gaining the ability to extract some important information from each device and installing ad-click malware.

The scam, which was uncovered by RiskIQ, is first introduced to a device through a pop-up ad telling the device owner that the battery may be having issues and running down too quickly. The malware determines the brand and model of the device by parsing the user-agent server-side, then embeds the processed brand and model information in the script that renders the pop-up.

The ad offers to solve this problem by connecting the user with a power saver app.

The pop-up offers the target the chance to either download the power saver or cancel out of the deal. However, the malware does not care which choice is made and transports the user to a power saver app located in the legitimate Google Play store. This fact made the RiskIQ researchers believe the group behind this scam is relatively unsophisticated. The most effective way to get rid of such a pop-up is to restart the device.

If the victim decides to install the power saver app, he or she must give the app some very important permissions.

  • Read sensitive log data
  • Receive text messages (SMS)
  • Receive data from Internet
  • Pair with Bluetooth devices
  • Full network access
  • Modify system settings
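
As an added example (not from RiskIQ or the original article), the following sketch shows how a reviewer could flag this kind of permission set before an app is approved for managed devices. It parses `aapt dump permissions`-style output and reports anything outside a baseline. The mapping from the Play Store labels above to manifest permission names, the baseline for a battery utility, and the package name `com.example.powersaver` are assumptions made for illustration.

```python
import re

# Play Store labels quoted in the article, keyed by the manifest permission
# name each label normally corresponds to (mapping is an assumption).
LABELS = {
    "android.permission.READ_LOGS": "Read sensitive log data",
    "android.permission.RECEIVE_SMS": "Receive text messages (SMS)",
    "com.google.android.c2dm.permission.RECEIVE": "Receive data from Internet",
    "android.permission.BLUETOOTH": "Pair with Bluetooth devices",
    "android.permission.INTERNET": "Full network access",
    "android.permission.WRITE_SETTINGS": "Modify system settings",
}

# Assumed baseline: what a battery utility could plausibly justify
# (toggling radios and display settings, fetching updates).
BASELINE = {
    "android.permission.WRITE_SETTINGS",
    "android.permission.BLUETOOTH",
    "android.permission.INTERNET",
}

# Accepts both aapt output styles: name='x.y.Z' and the bare x.y.Z form.
_PERM = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([A-Za-z0-9_.]+)'?")

def parse_permissions(dump):
    """Return the requested permissions in order, without duplicates."""
    perms = []
    for line in dump.splitlines():
        m = _PERM.match(line.strip())
        if m and m.group(1) not in perms:
            perms.append(m.group(1))
    return perms

def audit(dump, baseline=BASELINE):
    """Return (permission, label) pairs for requests outside the baseline."""
    return [(p, LABELS.get(p, "not in the article's list"))
            for p in parse_permissions(dump) if p not in baseline]

# Constructed sample input, not taken from the real app.
SAMPLE_DUMP = """\
package: com.example.powersaver
uses-permission: name='android.permission.READ_LOGS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='com.google.android.c2dm.permission.RECEIVE'
uses-permission: android.permission.BLUETOOTH
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.WRITE_SETTINGS'
"""

if __name__ == "__main__":
    for perm, label in audit(SAMPLE_DUMP):
        print(f"REVIEW {perm}: {label}")
```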

On the bright side, the power saving app actually works by stopping processes that use too much power during a low battery state and it monitors the battery's status.

But that is the only bonus. In addition to giving the malware the ability to control the phone, the user also ends up with a small ad-clicking backdoor installed.

“While it may seem benign, the ad-clicker also steals information from the phone, including IMEI, phone numbers, phone type/brand/model, location, and more,” RiskIQ said.

The device then is registered with a command and control server and starts to look for ad-clicking assignments which will generate income for the malware's creators. The ad-clicking bot runs in the background and does not use much power.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition