Over the past two years, a number of virus-laden apps made it onto the Google Play store, carrying malware designed to gain access to the user's phone.
"Operating under the guise of playable games and functioning utilities, the apps also have downloader capabilities, if the command-and-control server instructs them to retrieve other files," says Sophos. But before November, attackers were using them to serve ads, generating clicks to earn money.
Following the Sophos report, Google has deleted 22 apps from the Play store. Furthermore, the devices are fully controlled by the C2 server and can potentially install any malicious modules upon the server's instructions. To prevent users from suspecting their phones were infected, the apps displayed the ads in a window that was zero pixels high and zero wide.
The latest round of takedowns has to do with 22 apps that used a backdoor to enable developers to simulate ad clicks. This is a worrisome revelation, as it suggests that even apps that are initially deemed safe could become malicious further down the line with a simple update. It's unclear how many developers will take the company up on that idea due to the relatively small market share for Android 4.0 devices. What's more, according to Sophos, the impressions were made to appear as though they were coming from iPhone users. Google apparently removed them about a week ago. But if your app still does have a large number of users on older devices, you can build multiple APKs to support those devices, the post said. Yet again, these apps weren't pulled until a major report was published that outlined their nefarious activities, but Google did act quickly once it was told of the nefarious apps. Carefully reading reviews can sometimes help, but the rave reviews that numerous Andr/Clickr-ad apps received underscore the limits of this measure.