Fake Alisa app found delivering Android.Click.248.origin Trojan

• The Trojan redirects victims to a phishing site where they are invited to download a program or to receive a reward.
• Over 127 malicious apps have been detected on Google Play Store in August.

Security researchers have discovered several malicious applications on Google Play Store being used to generate illegal revenue. Among these malicious apps, an Android Trojan named ‘Android.Click. 248.origin’ has been detected that is currently being distributed in the form of a fake app for Yandex’s voice assistant Alisa.

The malware’s authors are using the fraudulent app to attract and infect a large number of users. When users click on the fake app, the Trojan is executed and users are unknowingly subscribed to various premium services without their knowledge.

The malware redirects victims to a phishing site where they are invited to download a program or to receive a reward. The victims are then prompted to enter their phone numbers to receive a confirmation code. In reality, the code is required to confirm the subscription process to a paid service.

Other malicious application detected

Doctor Web security researchers detected 127 malicious apps on Google Play Store distributed by 44 developers last month. The researchers found most of the malware belonged to the Android.Click Trojan family.

Once launched, these Trojans connect to the command and control (C&C) server and download malicious tools that could compromise the victim’s phone. Although it is still unclear how many users have been affected by the fake Alisa app, Bleeping Computer reported around 10,000 individuals have already fallen victim to these 127 fraudulent apps.

To stay safe from such malicious apps, Doctor Web has requested users to review the applications before downloading them from Google Play Store.

“It is necessary to pay attention to the developer’s name, publication date, and reviews from other users. These simple measures can decrease the risk that the mobile device will become infected,” Dr. Web researchers said.