Google has moved to remove six Android applications that exhibited malicious behavior, according to Russian security vendor Dr.Web, which says they were infected with the Android.Valeriy trojan.
The apps were Battery Booster; Power Booster; Blue Color Puzzle; Blue And White; Battery Checker; and Hard Jump – Reborn 3D. The developers of these apps are ZvonkoMedia LLC, Danil Prokhorov, and horshaom.
Android.Valeriy claimed over 55,000 victims
Before being taken offline, Dr.Web says the apps were downloaded in total by over 15,500 Android users. The security firm says it managed to break into the trojan’s C&C server and discovered that in reality, more than 55,000 users were infected with the Android.Valeriy malware.
The trojan comes to life after users install the aforementioned apps. Android.Valeriy connects to a C&C server from where it gets a list of URLs and then opens these links in the WebView (browser) component.
This is typical adware behavior and is enough to get the apps banned from the Play Store. Unfortunately for infected users, the trojan doesn’t stop there.
Android.Valeriy shows adware and click-fraud behavior
Android.Valeriy will also subscribe the user to premium phone numbers in various affiliate marketing programs that generate profit for the crooks. This happens quite often and the trojan can rack up a pretty big phone bill if left alone for a few days.
Worse is the fact that the trojan includes functionality to intercept the confirmation SMS messages and hide them from the human user.
Furthermore, Dr.Web researchers also report click-fraud behavior: the trojan opens URLs in another WebView component and taps on ads or presses download buttons. The security vendor reported seeing the trojan download other apps on the victim’s phone.
In recent months, the amount of Android malware has skyrocketed, and the best way to protect yourself against such threats is to use a mobile antivirus.