Android users have been receiving alerts to avoid downloading malware-infested apps from the Play Store almost every week. Google recently revealed that it has taken the required actions to safeguard the app distribution platform from all kinds of malware and fraud.
But such malware campaigns appear to be continuing, as researchers have found eight malicious Android apps, mostly camera utilities and children's games. According to the recent findings, these apps are capable of spreading a new clicker malware strain, dubbed 'Haken', which can steal data and sign victims up for expensive premium services.
Malicious apps in Play Store
Researchers at the security company Check Point observed the new malware family while looking for another clicker malware, BearClod. The Haken malware extracts sensitive data from victims' Android devices and covertly signs them up for expensive premium subscription services.
Eight such apps were found distributing the malware in the Play Store, and they had collectively been downloaded 50,000 times. These apps are no longer available on the platform. Even though these malicious Android apps function as advertised, in the background they covertly perform an array of malicious functions. These include:
Check Point Research said on Friday, February 21 that Haken has shown "clicking capabilities" while staying hidden in Google Play. The company also stated that "Even with a relatively low download count of 50,000+, this campaign has shown the ability that malicious actors have to generate revenue from fraudulent advertising campaigns."
The researchers call it "clicker" malware, which means that it can mimic the user and click on anything that appears on the victim's Android phone. In terms of impact, this malware can affect users in two ways. First, the downloaded apps are able to sign users up for premium subscription services without their consent. Second, they can access any sensitive information visible on the mobile screen, which may include official emails as well as conversations over messaging platforms.
Haken also interacts with a remote server and asks for permissions to let the app run code when a device starts up. Then it injects code into advertising monetization platforms for Facebook (Facebook Ad Center) and for Google (specifically Google AdMob). According to Check Point, such activity would give the hackers access to the credit cards tied to these accounts, which are used to pay for the premium subscription services.
While downloading any app from any marketplace, a user should always be wary and check the apps' reviews, urged Check Point researchers.
Google bans 600 apps
The Haken malware threat was revealed soon after Google banned 600 apps for displaying disruptive advertising behaviour that the tech giant labelled as mobile ad fraud. Cheetah Mobile has been one of the biggest troublemakers, as it created about 45 of those newly banned apps.
Per Bjorke, senior product manager for Ad Traffic Quality at Google, said on Thursday, February 20:
"Mobile ad fraud is an industry-wide challenge that can appear in many different forms with a variety of methods, and it has the potential to harm users, advertisers and publishers.
"At Google, we have dedicated teams focused on detecting and stopping malicious developers that attempt to defraud the mobile ecosystem. As part of these efforts, we take action against those who create seemingly innocuous apps, but which actually violate our ads policies."