Trojan Clicker Dangers on Android,

What is it Clicker Android?

Clicker Trojans are widespread malicious programs designed to increase website visit rates and make money from online traffic. They simulate user actions on web pages by clicking links and other interactive elements. Virus analysts at Doctor Web have detected another such Trojan on Google Play.

The Trojan is a malicious module that, according to Dr.Web's classification, was named Android.Click.312.origin. It is integrated into ordinary applications such as dictionaries, online maps, audio players, barcode readers, and other software. All of these programs are operable and seem harmless to Android users. Furthermore, Android.Click.312.origin only starts its malicious activity after 8 hours after launch, so as not to raise suspicions.

After the installation of a new application or the download of an apk file by the Play Market client, the Trojan sends information about this software together with some technical data about the device to the command and control server. In response, Android.Click.312.origin receives website addresses to open in an invisible WebView, as well as links to load in a browser or Google Play.

Therefore, depending on the command and control server settings and the instructions it sends, the Trojan can not only advertise applications on Google Play, but also covertly load any website, including advertisements (even videos) or other questionable content. . For example, after installing applications with the built-in Trojan, users complained of being automatically subscribed to expensive content provider services.

Android apps contain a clicker trojan?

Researchers found a clicker Trojan bundled with more than 33 apps distributed through the Google Play Store and downloaded by Android users more than 100 million times.

The malware was designed as a malicious module added to seemingly harmless applications such as audio players, barcode readers, dictionaries, and a host of other common software types that most people would install on their Android devices.

These applications were fully functional as Doctor Web researchers discovered and did not display any warning signs within their interface, while also showing none of the strange behavior that most malicious applications display, such as hiding their icon after installation. or requesting too many permissions compared to the tasks for which they were designed.

Know the danger Trojan Clicker?

The clicker Trojan dubbed Android.Click.312.origin by researchers would only activate 8 hours after the applications it contained were launched to evade detection.

Later, another variant was also found when analyzing this malicious campaign, which was named Android.Click.313.origin.

After booting on one of the compromised Android devices, the malware would immediately
Start collecting system information such as:
1.- the version of the operating system.
2.- the manufacturer and model of the device.
3.- the user's country of residence.
4.- the type of Internet connection.
5.- the user's time zone.
6.- and information about the application with the Trojan moduleclicker

All this information and more is packaged and sent to the malware's command and control (C2) server which, in turn, will transmit commands and new modules that will be used, for example, "to register a broadcast receiver and observer of content, which Android.Click.312.origin uses to monitor application installation and updates ".

Once the user installs a new application on the infected device via the Play Store or from an APK installer, the Trojan will send information and technical data about the device and the newly installed application to its C2 server, which sends URLs to open in a browser. , an invisible WebView or in the Play Store.

"Therefore, depending on the settings of the command and control server and the instructions it sends, the Trojan can not only advertise applications on Google Play, but can also covertly load any website, including advertisements (even videos) or other questionable content,"

Clicker infection technique Android?

To hide the true purpose of the applications, as well as to reduce the probability of detecting malware,
Tthe cybercriminals used various techniques.

First Method, the clicker was incorporated into innocuous applications (cameras and image collectors) that really worked and performed their functions.

Second Method, all malicious applications were protected by the commercial Jiagu packager, making it difficult for antivirus to detect the problem and difficult to analyze the code. Therefore, malware is more likely to avoid detection through the built-in protection of the Google Play catalog.

Third Method, the malware authors tried to disguise the Trojan as well-known advertising and analytical libraries: after being added to the media programs, it embedded itself in the Facebook and Adjust SDKs that were present in it, hiding from the antivirus.

How it attacks Trojan Clicker Android?

The clicker attacks users selectively: it did not perform malicious actions if the potential victim was not a resident of one of the attackers' countries of interest.
After installation and launch, the clicker tried to access the operating system notifications by displaying the following request:
If the user agreed to grant the necessary ones, the Trojan could hide all incoming SMS notifications and intercept the text of the messages. The clicker then transmitted technical data about the infected device to the control server and verified the serial number of the victim's SIM card.

If it matched one of the destination countries, the malware sent information about the phone number associated with the server. At the same time, the clicker was displaying a phishing window for users from certain countries, asking them to independently enter a phone number or log into a Google account.

Countries of interest Trojan Clicker?

If the victim's SIM card did not belong to the attackers' countries of interest, the Trojan took no action and stopped the malicious activity. The investigated malware modifications targeted residents of the following countries:

• Alemania
• Katar
• Polonia
• Grecia
• Irlanda

How it works Trojan Clicker?

After sending information about the user's phone number, the Trojan waits for commands from the command-and-control server. Submit the malware tasks, which contain the URLs of the download sites and JavaScript code. This code is used to control the clicker through the JavascriptInterface, display pop-up messages on the device, click on web pages, and more.

Upon receipt of the website address, the Trojan opens it in an invisible WebView, where the previously accepted JavaScript with click-through parameters is also loaded. After opening a website with a premium service, the Trojan automatically clicks on the necessary links and buttons. Then you receive the SMS verification codes and independently confirm the subscription.

Despite the fact that the clicker does not have the function of working with SMS and accessing messages, it ignores this limitation. For example, the Trojan service monitors notifications from an application that is assigned to work with SMS messages by default. When a message arrives, the service hides the corresponding toast notification. Then, it extracts information about the received SMS and transmits it to the Trojan relay receiver. As a result, the user does not see any notification about incoming SMS and does not know what is happening. You find out about the subscription to the service only when the money begins to disappear from your account, or when you enter the messages menu and see SMS related to the premium service.

Trojan Dubsmash 2 Clicker?

A fake popular app has been uploaded to Google Play. It is a mechanism by which criminals make profit according to the number of clicks by displaying malicious sites without permission. Although these applications have already been removed ..

A malicious application Dubsmash 2 that resembles the popular application "Dubsmash" that can create funny videos was discovered on Google Play in late May 2015.

Dubsmash 2 is a clicker-type Trojan that infects when in a smart phone (or tablet) with Android operating system. Forcibly displaying the malicious site out of the user's view. The mechanism is that online criminals make profit according to the number of clicks. is the common name of the malware.

By based on the oven-dry side, the real "dubsmash" is a very popular video scammers related app. You can from the recently Select. One Of The Recorded Audio Files And Create A Delicious Video According To The Audio, Which You Can Share On WhatsApp Or Facebook Messenger.

Users who download this malicious Dubsmash 2 application as a new version of "Dubsmash" will be victims of "click fraud" when they launch the application. It will not be a serious situation, such as the theft of personal information, but affect the package, etc. clicking on the porn site one after another without the user's view. You will probably only notice the actual damage when you look at your next bill.

Dubsmash 2 was also first discovered on Google Play,

Right now, the malicious app has already been downloaded more than 100,000 times. If All This Was Installed And The Malicious Site Was Displayed At Least Once, That Would Only Have Generated A Significant Profit For The Network Criminal.

Mejores APK for Android

Whatsapp-Apps-Android,-- Cyber-Likes-for-Android-- Auto Liker---- Sporty-Music-Apps-Android-- Smart-tv-Apps-Android-- flamingo-Apps-Android-- folder-loc-Apps-Android-- GameCIH-Apps-Android -- High-VPN-Apps-Android-- Kkgamer-Apps-Android -- Messenger-Apps-Android-- MX-Player-Apps-Android -- NetGuard-Apps-Android-- Radio-Recorder-Apps-Android-- VideoShow-Apps-Android-- WhatsApp-Messenger-Android-- MY-Talking-Tom-Apps-Android-- How-Find-MY-Android -- IndoLiker-APK-Facebook-Android-- IG Best Likes-- FlyVPN for Android-- FL Studio for Android-- BOOM Music Android-- King Root Android-- Camera FV 5 Android-- Emulador PPSSPP Android-- Velo VPN Android-- yoWhat Android Recover Whatsapp-- Install APK-- Create Cloud-- Telegram Messenger-- App LINE-- Firmware MIUI -- Clouds MIUI-- Recover SSD-- Recupera SSD

The best of Security Portal

Recover SD card Corrupted-- Anti Theft Phones-- How To Manage Paswords-- Disable Android-- Configure Mobile Kids-- APPs safe pay -- Disable ADS -- Ramsomware -- Spy Stalkeware

Index Timos, Timos Telefonicos, Timos Telefonos Fijos, Timos Moviles, Estafas Nigerianas, Estafas Internet , Erotismo Internet , Comercio Electronico , GUARDIA CIVIL, Ataques Internet, Timos Navidades. , Que Hacer Acoso Menores , Robos Casas , Robo Identidad, Cyberbullyingt, Claves Seguras. , Cifrado Datos Ayudas Fraudes Peligros WIFI , San Valentin , Solicitud Empleo, Mitos SEO, Proteger Ordenador, Estafas Verano Timos Facebook Timos Twitter , Estafas SEO, Proteger PC , Ultimas Estafas , Proteger Ordenador, Smartphone, Adiccion Facebook, Adiciones Internet, Estafas SMS, Firma Electronica, Stalkerware moviles, Fraudes S.Tecnicos, Rechazar LLamadas, Fraudes Phishig, Ransomware, -- Solution Android-- Errores Android

Privacy Policy....Informacion Cookies

House Alarms
Improve Windows work
How they rob the house

Trojan Clicker Dangers on Android .-

¡¡Traductor Google¡¡