Android Click Stealing Malware Infects Tens Of Millions Of Devices


Seems the coming apocalypse will be powered by Android. Just days after finding out about a weakness which allows a hacker to take ownership of an Android device, we now learn of a vulnerability which allows Android apps to install malware which steals ad clicks, defrauding advertisers on Google's ad platform.

Once again the security of Android - and Google's ability to close weaknesses comes into question. In this case a number of games under the banner 'Judy' have been identified as exploiting this weakness and Checkpoint, who uncovered the scam, estimate more than 38 million installs of the app worldwide.

Which begs the question, how many other apps in the Play Store are exploiting this same vulnerability and, for advertisers, what does this say about the reliability of the statistics and charges being generated by Google's ad platform?

Google has reportedly removed the apps after being informed of the issue but with another million apps sitting in the Play Store, any of which might be pulling the same scam, that's  a weak response.

Almost as an aside on this one, if it's possible to deploy this sort of code using a Google Play Store app, just what else can be achieved on your device by someone intent on profiting from your information?

Makes an Android device look like a very risky tool just at the moment.

0 comments: