IT discovered one of the large-scale malicious campaigns on Google Play
By Prempal Singh
Researchers Check Point reported on one of the most extensive campaigns to spread malicious software to Google Play.
Experts have found an advertising tool for Judy “wrap” clicks in the 41 application of one of the Korean companies. The malware automatically clicks on a huge number of advertising banners, thereby bringing profits for their creators.
As the researchers report, malicious software was downloaded from Google Play from 4.5 million to 18.5 million times. Some were distributed through the official store of Google applications for several years, but recently they have received updates. How long the malicious code is present in the application, is unknown.
The developer of the malware is a Korean campaign Kiniwini, registered in Google Play as an ENISTUDIO corp. and engaged in the development of applications for Android- and iOS-devices. As noted by the researchers, the spread of malicious software rarely is the real-life company. As a rule, such activity is typical for cyber criminals. It is not about display advertising and the illegal use of user devices for fraud for profit.
In addition to “wrap” clicks, the malware displays a huge number of advertising banners, leaving no possibility to close them, in many cases, with the result that the user is forced to click on a banner.
The researchers also found several applications with malicious code from other developers, but it is still unclear whether the two campaigns linked. Perhaps some crooks borrowed code from others.
Check Point experts notified Google about malicious applications, and the company quickly removed them from his shop.