Experts from mobile security firm Lookout are warning users, especially those from China, of a new Android click fraud family called SimpleTemai. The malicious elements are capable of downloading additional applications and even inflating victims’ data bills.
Researchers have identified over 1,700 unique instances of the malware hidden in various strategy and racing games found on Chinese app stores.
Once it’s installed on a device, SimpleTemai can download and rate arbitrary applications from third-party app markets.
The curious thing is that after they’re downloaded, the programs are deleted. This indicates that the cybercriminals behind the campaign are using SimpleTemai to make it appear as if these applications were downloaded by numerous users, thus increasing their apparent popularity
So far, this is the malware’s only capability, but since it comes with a clever update mechanism, its functionality can be changed at any time.
Because it’s developed in FScriptME – a programming language that can be utilized as an embedded language in Java applications - the chances for the malware to evade static analysis detection increase.
For now, no signs of the threat have been seen on Google Play, but since this can change at any time, users are advised to be cautious when downloading apps.