At least a 190 applications which were infected with malware and were on the Google Play Store have been removed after security researchers working for the Dr. Web Company contacted Google about the problem.
The malware infected apps were seen by the researchers at the end of April, but it’s only now that the apps are being removed. A malware version which is popularly known in the tech world as Android.Click.95 was thought to be inside the apps, according to the Russian security firm. The analysis of the malware’s modus operandi done by the firm shows that the malicious code waited for six hours after being installed on a device before it starts being part of an infected app. After the six hour period passes, the malware then loads a URL on the user’s web browser rather forcibly which would be containing a lot of messages designed to scare the user such as notifying him that his battery or system might be having problems.
One of the solutions to fix the problem is that the user has to download another app. In the few cases that they analyzed, the researchers at Dr. Web said that the malware was the one responsible for redirecting users back to the Google Play Store where users would download these second stage apps. The researchers explained that for each and every download which happened, the fraudsters behind the code would then receive interest under the terms of affiliate advertising agreements. This is why the Android.Click.95 is so widespread because the cyber criminals will be trying to gain an advantage and make as much profit as they can, the researchers also say.
Messages which tell users to constantly download a new app are always there and appear after every two minutes. This tactic has also been used in the Android Trojan, Android Banker, which was discovered by Avast, and is even more aggressive.
Antivirus company, McAfee also detected the Android/Clicker.G malware last week, and it seems the whole nagging campaign might be the one used on that one too. The researchers at McAfee said that the users were being blasted with ads and system update notifications, which in turn pushed them to malicious websites and there were then requested to download a new app, another scheme of the similar affiliate rewards program.
The Google Play Store apps revealed by the Dr. Web researchers apparently came from six users: allnidiv, malnu3a, mulache, Lohari, Kisjhka, and PolkaPola. The apps showed horoscopes, dream books, life advice, and other similar useless applications. Google delisted all apps associated with the mentioned accounts.