- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
Clicker Malware Garners Estimated 20 Million Downloads
So-called “clicker” malware designed to facilitate ad fraud has been found on 16 mobile apps in the Google Play store, according to McAfee.
After being notified by the security vendor, Google has removed the offending apps, which are estimated to have garnered as many as 20 million downloads.
Detected as Android/Clicker, the malware was inserted into legitimate-looking utility apps such as flashlights, QR readers, cameras, unit converters and task managers.
“Once the application is opened, it downloads its remote configuration by executing an HTTP request,” explained McAfee.
“After the configuration is downloaded, it registers the FCM (Firebase Cloud Messaging) listener to receive push messages. At first glance, it seems like well-made android software. However, it is hiding ad fraud features behind, armed with remote configuration and FCM techniques.”
Specifically, the malware forces infected devices to visit and browse certain websites in the background, without the user’s knowledge.
This generates ad fraud profit for the threat actor in the form of fake clicks, although it can also degrade device performance for the user, run down the smartphone’s battery and run up additional mobile data fees.
There are two key pieces of malicious code at play: the ‘com.click.cas’ library focuses on automated clicking, while the ‘com.liveposting’ library works as an agent to run hidden adware services.
Android/Clicker stays under the radar to avoid attracting the attention of a device user by leaping into action only when an infected smartphone is not in use. It will also not work within an hour of initial installation, McAfee said.
“We recommend having a security software installed and activated so you will be notified of any mobile threats present on your device in a timely manner,” the security vendor concluded.
“Once you remove this and other malicious applications, you can expect an extended battery time and you will notice reduced mobile data usage while ensuring that your sensitive and personal data is protected from this and other types of threats.”
