Cybercriminals are always after illegal advertising revenue. As we have previously reported, we have seen many mobile malware samples masquerading as a useful tool or utility and automatically crawling ads in the background. Recently the McAfee Mobile Research Team identified new Clicker malware that sneaked into Google Play. In total, 16 applications that were previously on Google Play have been confirmed to have the malicious payload, with an assumed 20 million installations.

McAfee security researchers notified Google, and all of the identified apps are no longer available on Google Play. Users are also protected by Google Play Protect, which blocks these apps on Android. McAfee Mobile Security products detect this threat as Android/Clicker and protect you from malware. For more information, and to get fully protected, visit McAfee Mobile Security.

The malicious code was found in useful utility applications such as Flashlight (Torch), QR readers, Camera, Unit converters, and Task managers.

Once the application is opened, it downloads its remote configuration by executing an HTTP request. After the configuration is downloaded, it registers the FCM (Firebase Cloud Messaging) listener to receive push messages. At first glance, it seems like well-made Android software. However, it hides ad fraud features, armed with remote configuration and FCM techniques. The remote configuration items include:

Initial start hours after first installation
To open popup or not when starts PowerService

The FCM message carries various types of information, including which function to call and its parameters. The picture below shows some of the FCM message history:

When an FCM message is received and meets some condition, the latent function starts working. Mainly, it visits websites that are delivered by FCM message and browses them successively in the background while mimicking the user's behavior.
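A detection sketch for the behaviour described above, added here as an example and not taken from the McAfee write-up: it flags apps whose push message is followed by a burst of page loads made while the app is in the background. The telemetry format, package names, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample telemetry (not from the article): (seconds, package, event, detail).
# "push" = FCM message delivered; "load" = page load, with the app's UI state as detail.
EVENTS = [
    (100, "com.example.torch", "push", ""),
    (104, "com.example.torch", "load", "background"),
    (109, "com.example.torch", "load", "background"),
    (117, "com.example.torch", "load", "background"),
    (126, "com.example.torch", "load", "background"),
    (200, "com.example.news", "push", ""),
    (230, "com.example.news", "load", "foreground"),
    (238, "com.example.news", "load", "foreground"),
    (500, "com.example.sync", "load", "background"),
]

def flag_push_driven_browsing(events, window=60, min_loads=3):
    """Return {package: count} for apps whose push message is followed, within
    `window` seconds, by at least `min_loads` page loads made in the background."""
    by_pkg = defaultdict(list)
    for ts, pkg, kind, detail in sorted(events):
        by_pkg[pkg].append((ts, kind, detail))
    flagged = {}
    for pkg, rows in by_pkg.items():
        worst = 0
        for ts, kind, _ in rows:
            if kind != "push":
                continue
            # Count only loads the user could not have seen or triggered.
            n = sum(1 for t, k, d in rows
                    if k == "load" and d == "background" and ts <= t <= ts + window)
            worst = max(worst, n)
        if worst >= min_loads:
            flagged[pkg] = worst
    return flagged

if __name__ == "__main__":
    for pkg, n in flag_push_driven_browsing(EVENTS).items():
        print(f"{pkg}: {n} background page loads after a push message")
```

Foreground loads after a push (a user tapping a notification) and background loads with no preceding push are deliberately not flagged, which keeps ordinary notification and sync traffic out of the result.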