Symantec revealed three malicious Android apps that click on ads without their user’s knowledge or permission.
Symantec researchers discovered three malicious applications on Google Play that collected ad revenue by clicking on ads while running in the background. The three apps utilized three separate techniques (delayed attacks, self-naming tricks, and an attack list received from a command and control server [C&C]) that are relatively common on their own, but have not been seen together. Symantec detects these threats as Android.Fakeapp. We have notified Google about these apps and they have been removed from Google Play.
The three malicious apps were available on Google Play with the following package and app names:
- com.sarabase.clearmaster.speedbooster (Clear Master Boost and Clean)
- com.desive.fastercharger.fastcharger (Fast Charge 2017)
- com.qt.fastercharger (Fast Charger X3 Free)
Two of the apps–Fast Charge 2017 and Fast Charger X3 Free–have been downloaded between 10,000 and 50,000 times in North America. (Google’s Play Store publicly releases only broad ranges.) The third, Clear Master Boost And Clean, has been downloaded between 5,000 and 10,000 times. All three use a variety of methods to prevent users from learning their real purpose or stopping them from earning their creators some more money.
Symantec, as always, recommended some best practices for avoiding malware:
- Keep your software up to date
- Do not download apps from unfamiliar sites
- Only install apps from trusted sources
- Pay close attention to the permissions requested by apps
- Install a suitable mobile security app, such as Norton, to protect your device and data
- Make frequent backups of important data