Apps with 1.5 million installs were engaged in click fraud and draining device batteries

Brother



Symantec experts found malicious applications on Google Play that clicked invisible ads, slowed down infected devices and drained their batteries.

Click fraud features were found in a note app (Idea Note: OCR Text Scanner, GTD, Color Notes) and a fitness app (Beauty Fitness: daily workout, best HIIT coach), which were installed over 1.5 million times in total and were uploaded to Google Play over a year ago by Idea Master.



The malicious activity started with a notification sent via the Android Notification Manager; tapping it triggered a hidden ad display. Researchers say that the creative malware developer used Toast notifications to load ads. This method made it possible to hide the advertisement from the victim by placing the notification outside the visible part of the screen.



For example, the malware author used translate() and dispatchDraw() so that the Canvas object was invisible to the user. After that, an automatic clicker came into play and clicked the ads, which brought income to the application developer.



Analysts point out that the applications went unnoticed for a long time because they used a legitimate wrapper commonly used to protect intellectual property. This made analysis difficult both for Google's automatic scanners and for the cybersecurity experts who studied the APKs.

Although the advertisements were invisible to the owners of the infected devices, the malware had a negative impact on performance, the battery started to drain much faster, and visits to numerous advertising sites generated additional mobile traffic.
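
A static triage heuristic for the indicators described in the post (a Toast with a custom view, dispatchDraw() combined with an off-screen translate(), and automated clicks), added here as an example and not taken from Symantec or the original post. The pixel threshold, the function names and the sample snippets are assumptions, and it presumes the APK has already been unpacked and decompiled to Java.

```python
import re

# Assumption: a translation this large (px) moves content past any common phone display.
OFFSCREEN_PX = 3000
TRANSLATE = re.compile(
    r"\.translate\(\s*(-?\d+(?:\.\d+)?)[fF]?\s*,\s*(-?\d+(?:\.\d+)?)[fF]?\s*\)")
DISPATCH_DRAW = re.compile(r"\bvoid\s+dispatchDraw\s*\(\s*Canvas\b")
TOAST_SET_VIEW = re.compile(r"\bToast\b[\s\S]*?\.setView\s*\(")
SYNTHETIC_CLICK = re.compile(r"\.performClick\s*\(|\bMotionEvent\.obtain\s*\(")

def offscreen_translates(src):
    """Return (dx, dy) of translate() calls whose literal offsets reach OFFSCREEN_PX."""
    pairs = [(float(dx), float(dy)) for dx, dy in TRANSLATE.findall(src)]
    return [p for p in pairs if max(abs(p[0]), abs(p[1])) >= OFFSCREEN_PX]

def analyze(src):
    """Map each indicator from the write-up to whether it appears in the source."""
    return {
        "toast_custom_view": bool(TOAST_SET_VIEW.search(src)),
        "dispatchdraw_override": bool(DISPATCH_DRAW.search(src)),
        "offscreen_translate": bool(offscreen_translates(src)),
        "synthetic_click": bool(SYNTHETIC_CLICK.search(src)),
    }

def verdict(src):
    """'suspicious' = hidden drawing plus automated clicks; 'review' = any two indicators."""
    f = analyze(src)
    if f["dispatchdraw_override"] and f["offscreen_translate"] and f["synthetic_click"]:
        return "suspicious"
    return "review" if sum(f.values()) >= 2 else "clean"

# Constructed samples standing in for decompiled output (not code from the real apps).
SAMPLE_HIDDEN = """
class AdHolder extends FrameLayout {
  protected void dispatchDraw(Canvas canvas) { canvas.translate(-5000f, -5000f); }
}
class Notifier {
  void show(Context c, View ad) { Toast t = new Toast(c); t.setView(ad); ad.performClick(); }
}
"""
SAMPLE_BENIGN = """
class Banner extends FrameLayout {
  protected void dispatchDraw(Canvas canvas) { canvas.translate(0f, 16f); }
}
class Ui { void saved(Context c) { Toast.makeText(c, "Saved", Toast.LENGTH_SHORT).show(); } }
"""

if __name__ == "__main__":
    print(verdict(SAMPLE_HIDDEN), verdict(SAMPLE_BENIGN))
```

The check only sees literal offsets, so translations computed at runtime need dynamic analysis or manual review.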