Malicious Android apps hijacked phones to click on ads

(Image credit: Pixabay)

Android users have been warned that certain apps may have hijacked their devices to click on malicious ads.

New research from Symantec has shown that cybercriminals are using apps to auto-click on mobile ads to generate a profit.

Two main culprits were identified by the security company, with the compromised apps having been downloaded more than 1.5 million times after going undetected on the Play Store for more than a year.

Hijacked

The malicious apps both come from a developer called Idea Master, one being a notepad app (Idea Note: OCR Text Scanner, GTD, Color Notes) and the other a fitness app (Beauty Fitness: daily workout, best HIIT coach)

Symantec's researchers found that the apps utilise embedded advertisements, which are typically placed strategically beyond the normal viewable area of mobile device’s screen area. This will then initiate an automated ad-click process that stealthily generates revenue for the criminals.  

Users affected by the apps may see their device's battery draining far faster than usual, as well as performance of the device slowing down. 

Some users have even been stung by an an increase in their mobile data usage due to frequent visits to ad sites, potentially leading to higher than expected bills.

Symantec says the two apps are still present on the Play Store, and has urged any users that have downloaded either program to uninstall it immediately.

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.