Around 340 infected apps were found in the Google Play Store.
The newly discovered GhostClicker Android malware is not really new at all. Trend Micro, which discovered the strain, says that its creator has been uploading infected apps to the Google Play Store since August of 2016.
The malware is adware, built to earn money for its developer through fraudulent ad clicks. These fraudulent clicks are directed solely at the Google AdMob platform. In addition to these clicks, the malware also redirects clicks to other locations that can be profitable to the malware creator.
Luckily for those infected, this is all the malware does. Nothing is written into the app to steal user information. Earlier versions of the malware required the user to grant admin access to the app; later versions no longer need this.
Trend Micro found the malware in some 340 apps on the Google Play Store. The apps varied in type: the malware could be found in app cleaners, file managers, QR scanners, multimedia recorders and players, and many more categories. Trend Micro reported the infected apps to Google, but as of August 7th, 101 of the 340 apps could still be found on the Play Store.
How did these apps make it through the safety gates of the Google Play Store? The developer used two separate methods. The first is splitting its code across two components, in this case the Google Mobile Services API and the Facebook Ad SDK. The second prevents the malware from starting in sandboxed environments, which hides it from testing environments. Using these methods, the malware doesn’t really come together into a recognizably malicious application until it’s on the user’s phone. We can assume that strategies like this are why Google has pushed out Google Protect, which continuously checks applications on users’ phones, watching for malicious activity. While it is upsetting to know that so much malware has made it onto the Google Play Store, it is good to see that Google is now looking beyond the Play Store to protect against malware.