14 DAY TRIAL // Google has removed 190 applications infected with malware from the Google Play Store after security researchers from Dr.Web contacted the search giant about the issue.
Researchers spotted the malware-infected apps towards the end of April, but only recently have these apps been removed. The Russian security firm says the apps contained a version of the malware identified as Android.Click.95.
Malware waits six hours before starting its malicious behavior
According to their analysis of the malware's mode of operation, Android.Click waits for six hours after the user installs it as part of an infected app.
After the six hours pass, the malware forcibly loads a URL in the user's browser, which contains scareware-like messages that tell the user his system or his battery has problems.
To fix his issues, the user has to download another app. In the cases they've observed, Dr.Web researchers say the malware redirected users back to the Google Play Store to download these second-stage apps.
"For each download, fraudsters receive interest under the terms of affiliate advertising agreements," Dr.Web researchers explained. "It explains why Android.Click.95 is so much widespread—the cybercriminals try to make as much profit as they can from these downloads."
These messages to download other apps appear every two minutes. The tactic of constantly pestering users with nagging popups was also detected in another Android trojan, Android Banker, discovered by Avast, which was also more aggressive.
Spotted by McAfee as well
This campaign seems to be related to the same apps discovered by McAfee last week, who detected the malware as Android/Clicker.G.
McAfee researchers said that the malware was blasting users with ads and system update notifications, luring them to malicious website where they were asked to download further apps, as part of a similar affiliate rewards program.
Dr.Web researchers revealed that all the Google Play store apps they've detected with Android.Click came from six users: allnidiv, malnu3a, mulache, Lohari, Kisjhka, and PolkaPola. These were apps that showed daily horoscopes, dream-books, life advices, jokes, and similar useless applications.
At the time of writing, Google has delisted all the apps associated with these accounts.
