A new version of Clicker trojan named Android.Click.312.origin has been found infecting over 51.7 million users. The malware is distributed via 34 malicious apps related to dictionaries, online maps, audio players, barcode scanners and other software.
What are the trojan's capabilities?
Discovered by researchers from Doctor Web, the trojan sends the following information about the infected device to the C2 server once it is launched.
About the malicious apps
The malicious apps carrying the trojan is not only advertised from Google Play Store but it is also distributed via other third-party websites. Some of these apps charge users for an unwanted subscription without their knowledge.
The malicious apps misuse the WAP-Click technology when the device is connected to the internet via a mobile carrier.
Trojan creation in progress
Apart from Android.Click.312.origin, Doctor Web has also identified a new version of Clicker named Android.Click.313.origin trojan. The malware variant has been downloaded by at least 50 million people.
Doctor Web has informed Google about this trojan and the related malicious apps. In addition, several apps have been updated in order to remove the malicious component.