Another Ad Clicking Bot Malware in Android Leaves 60,000 Infected

Another day, another malware, and this has become so normal and regular now. We are all so tired of cyber threats now. As we aren’t safe anywhere anymore. So, there is no point of getting worried about it.

Talking about malware, RiskIQ recently discovered an Android malware. And guess what, 60,000 devices are already infected.

Well, RiskIQ is a digital threat management organization, where everyday thousands of web pages with scams are discovered in every category, from fake service ads to cash prize winning ads, and many more scams.

How Does This Ad-Clicking Malware Work?

According to RiskIQ, there is a mobile scam ecosystem, which can pop up any of the messages given below on your screen:

– Your device is running low!

– You need to update your device!

– Or you need to install this antivirus to save your device!

But, this malware does something different in terms of scam. It tricks you into downloading another malicious app named ‘Advanced Battery Saver’ that performs the functions and has features mentioned on its page for real on Android devices:

1. First it pops up a fake warning adware over your Android phone screen.

2. When the user taps on ‘Install’ or ‘Cancel’, it redirects them to another unknown server that forwards user directly to some malicious app on Google Play Store. This app performs the following functions on infected Android devices:

Improves battery performance by removing strains to lengthen battery life.

Close and remove the background processes that use extra resources while the phone is on charge or is running low on battery.

Monitors battery status.

And, when user taps on the back button instead of ‘Install’ or ‘Cancel’, then it displays an ad on the screen telling that ‘Your mobile might still be slowed down’. Also tells user to stay on the page and download and install the recommended app.

Also Read : SamSam Ransomware: An Elusive Malware

What Permissions Does This App Have?

The shocking thing is, this app itself allows several permissions without user knowing about it. Some of the permissions that it gains access to are:

Read sensitive log data

Receive text messages (SMS)

Receive data from Internet

Pair with Bluetooth devices

Full network access

Modify system settings

After having access to all these, we are sure anyone could easily find out about what you are up to and what your activities are.

Is It Still Available On Google Play Store?

On the whole story RiskIQ published a blog that stated,

“Many of the millions of scams we crawl at RiskIQ are relatively straightforward, but every once in a while, we find something unique. Usually, scams point to other web pages, but in this case, we noticed one that redirects victims who click to Google Play, where they are served a malicious app.”

RiskIQ also found out about the app developers, as Google always keeps transparency in mind, researchers were easily able to find out about Advanced battery saver app and its developers.

And on finding out about the app developers they stated, “We can find a bit more on the email address of the developer aveddikoa@gmail.com which used to have another app on the Play Store which was either removed by the developer him/her-self or Google we are not sure.”

This app was available at the Google Play Store on the link But, soon it was removed and taken down that is why RiskIQ researchers were able to only archive APK of this app.

Also Read : BabaYaga: Malware That Removes Its Competition

So, this was it guys! Things like Malware attacks and other cyber threats now can’t be stopped. The only thing that can be done is, make sure you don’t indulge in any kind of activity that seems harmful or can be injurious for your system or device.

If you found this helpful, please let us know. You can also drop your feedback in the comment section below.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *