100M Android App downloads contained a Clicker Trojan
Heidi Finigan | Last Updated:
VPN Streaming Expert
In early August, security researchers made a worrying discovery that could leave Android users at considerable risk when it comes to their privacy online.
Up to 33 applications distributed via the Google Play Store have been found to hold a clicker trojan within their code. These trojans were found to ask for far too many device permissions, opened webpages on their own and made other device operations without user consent.
When you factor in that these applications and their hidden trojans were downloaded more than 100 million times, it’s clear to see that there is a significant issue with Google’s Play Store.
An assessment of the affected mobile applications by experts at Doctor Web uncovered that the clicker trojans were primarily ‘designed as a malicious module added to seemingly harmless applications.’ What this means is, there was no real way for users to tell if they were downloading a ‘sketchy’ application or not.
Seemingly harmless apps such as audio players, dictionaries and barcode scanners were a few of the apps used to hide the trojans.
The Doctor Web team also noted that the applications worked entirely as usual, making it harder for users to know they had installed a malicious Android app. As an example, users could merely be scanning a barcode on a supermarket shelf, without a hitch, though in the background the trojan could be opening apps, buying subscriptions and clicking on web ads.
The Clicker Trojan
After an in-depth inspection of the trojan, it was revealed that there was one primary focus, which was to increase clicks, gain new subscribers and open ads.
A few of the activities the trojan undertook on a device included:
- Opening webpages without permission.
- Subscribing to costly premium services.
- Clicking on in-app and web-based ads.
A more in-depth look also exposed the trojan’s ability to remain dormant and undetected for hours after the initial install. Users won’t notice or see a change in their smartphone until 8 hours after the trojan was installed, as it’s programmed not to act until far later.
Malicious on-device data collection was also spotted in the trojan’s analysis, with the following device information being collected and shared back to servers:
- Model and manufacturer number
- Android OS version
- Country of residence
- Internet type
- Time zone information
- Data on the infected app.
All of this data is then sent back to a managing device for analysis and the monitoring of how well trojans are performing specific tasks. The details are also likely to be used by the trojan’s creator to enhance the malware and further infect more Android devices on the Play Store.
VPN for Android devices
For those looking to decrease their chances of having a device infected with malware, downloading a VPN for your Android device and subscribing to a service is one of your best bets. You’ll be able to rest assured that these applications are encrypting data leaving your device and coming into it as well.
In some cases, a VPN service may also provide anti-malware services which scan your device and downloads for potential malware though these are not included as part of a VPN, but rather a standalone feature.
It’s also good to note that some VPNs block ads on Android, so there won’t be anything for the trojan mentioned above to click on while you browse. Take a look at NordVPN’s ad-blocking capabilities as well as CyberGhost’s. Of course, this isn’t a complete fix, but it will still prevent parts of the trojan from working effectively until you remove it.