Malware using new precision-targeted tactics to distribute adware hid on the Google Play store for two months and infected over 10,000 Android users before being removed.
Called ‘Skinner’ the malware will display unwanted ads to user, but does so in a way which avoids raising suspicion that they’re malicious by specifically targeting them to go with the app the user is currently using.
Discovered by cybersecurity researchers at Check Point, Skinner is far from the first instance of malware to be discovered on the Google Play store – but this one uses sophisticated new tactics.
Rather than outright infecting as many victims as possible, it’s in Skinner’s interests to be discreet and avoid detection in order to prevent raising alarms and continue the distribution of adverts for raising clickthrough revenue.
These ads are ones the users wouldn’t see unless infected with Skinner and by clicking through them it generates ad revenue for the developers. Generating revenue is on the only goal of Skinner – it doesn’t distribute further malware or direct users to malicious websites – it’s in its interest to stay below the radar.
The malware was embedded in an app described as providing “game related features” and once downloaded from Google Play, it tracks the user’s location and actions, as well as being able to execute code from its Command and Control server without the permission of the user.
Submitted by: Arnfried Walbrecht