
Applications with 1.5 million installations engaged in click fraud and drained device batteries


Symantec experts found malicious applications on Google Play that clicked on “invisible” ads, reduced the performance of infected devices, and drained their batteries.

Click fraud functionality was found in a note-taking application (Idea Note: OCR Text Scanner, GTD, Color Notes) and a fitness application (Beauty Fitness: daily workout, best HIIT coach), which were installed more than 1.5 million times and were uploaded to Google Play over a year ago by Idea Master.

The malicious activity began with a notification sent through the Android Notification Manager; tapping it launched a hidden ad display. Researchers say the malware developer took a creative approach, using a Toast notification to load the ads. This method made it possible to hide the advertising from the victim by placing the notification outside the visible part of the screen.

Analysts say that the applications went undetected for a long time because they used a legitimate packer, which is commonly used to protect intellectual property. This hampered both Google’s automated scanners and the information security experts who studied the APK.

Although the advertisements were invisible to the owners of infected devices, the malware's activity degraded performance, made the battery discharge much faster, and generated additional mobile traffic through visits to numerous advertising sites.