April 29, 2016
All applications containing Android.Click.95 have a quite simple architecture. Typically, these are entertainment applications such as advice apps, horoscopes, dream-books, jokes, and other information for all occasions which the Internet is flooded with. Doctor Web security researchers discovered 190 of such-like applications on Google Play distributed by the following developers: allnidiv, malnu3a, mulache, Lohari, Kisjhka, and PolkaPola. Moreover, at least 140,000 users have already installed these malicious applications. We have informed Google about this incident but the majority of the programs are still available for downloading.
When Android.Click.95 is on the device, it starts to perform its malicious activity not right after the installation or running of a program but in 6 hours trying to hide a real source of infection. After a 6-hour waiting, Android.Click.95 checks whether the infected device has an application specified in the Trojan’s configuration. If the application is missing, Android.Click.95 opens a fraudulent website which prompts the user to choose another browser because the current one is allegedly not safe to use. If the necessary application is installed on the device, the Trojan shows another fake warning, for example, about battery malfunction.
To solve a sudden problem that that the user had no clue about, the victim, of course, has to install a fraudulent application. And to ensure downloading the offered application, Android.Click.95 displays the bogus webpage every 2 minutes making it almost impossible to use the device.
If the user decides to download the malicious application, they are redirected to the Google Play store and right to the relevant section in which this app is located. For each download, fraudsters receive interest under the terms of affiliate advertising agreements. It explains why Android.Click.95 is so much wide spread—the cybercriminals try to make as much profit as they can from these downloads.
Doctor Web strongly advises Android users to be very careful and not to install dubious applications even if these applications are distributed via Google Play. Dr.Web for Android successfully detects and removes Android.Click.95, and, therefore, this malicious program poses no threat to our users.
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.