loader gif

New variant of Clicker trojan found infecting over 51.7 million Android users

New variant of Clicker trojan found infecting over 51.7 million Android users
  • The malware is distributed via 34 malicious apps related to dictionaries, online maps, audio players, barcode scanners and other software.
  • The malicious apps carrying the trojan is not only advertised from Google Play Store but it is also distributed via third-party websites.

A new version of Clicker trojan named Android.Click.312.origin has been found infecting over 51.7 million users. The malware is distributed via 34 malicious apps related to dictionaries, online maps, audio players, barcode scanners and other software.

What are the trojan's capabilities?

Discovered by researchers from Doctor Web, the trojan sends the following information about the infected device to the C2 server once it is launched.

  • Manufacturer and model
  • Operating system version
  • User’s country of residence and default system language
  • User-Agent ID
  • Mobile carrier
  • Internet connection type
  • Display parameters
  • Time zone
  • Data on apps containing the trojan

About the malicious apps

The malicious apps carrying the trojan is not only advertised from Google Play Store but it is also distributed via other third-party websites. Some of these apps charge users for an unwanted subscription without their knowledge.

The malicious apps misuse the WAP-Click technology when the device is connected to the internet via a mobile carrier.

Trojan creation in progress

Apart from Android.Click.312.origin, Doctor Web has also identified a new version of Clicker named Android.Click.313.origin trojan. The malware variant has been downloaded by at least 50 million people.

Bottom line

Doctor Web has informed Google about this trojan and the related malicious apps. In addition, several apps have been updated in order to remove the malicious component.

loader gif