A spokesman for Wandera had this to say about the recent discovery:
“The objective of most clicker trojans is to generate revenue for the attacker on a pay-per-click basis by inflating website traffic. They can also be used to drain the budget of a competitor by artificially inflating the balance owed to the ad network.”
All of the infected apps come from AppAspect Technologies, Pvt. Ltd. They are a company based in India with more than fifty different apps available on Apple’s App Store and more than two dozen available on Google’s Play Store. What can’t be determined is whether the malicious code was injected into these apps unintentionally by making use of a compromised third-party framework, or if it was an intentional decision.
Again, from the researchers at Wandera:
“This discovery is the latest in a series of bad apps being surfaced on an official mobile app store and anther proof point that malware does impact the iOS ecosystem. Mobile malware is still one of the less frequently seen threats in the wild, but we are seeing it used more in targeted attack scenarios.”
The Wandera researchers concluded their report with a recommendation. They suggest that all mobile users (whether they are in the Android or iOS ecosystems) make use of mobile security solutions that keep malicious apps from communicating with their command and control servers. This serves as a means of protecting their data from being stolen. It’s good advice, and these types of threats are certainly something to keep a watchful eye out for.