Android Malware Clicker.G!Gen Found on Google Play

By on

Recently the Mobile Malware Research Team of McAfee found on Google Play a new campaign of Android/Clicker.G in dozens of published malicious apps. This threat targets Russians but the apps are accessible worldwide.

20160504 Android 1

The attackers lure their victims with apps associated with health care, sports, food, games, and many other topics. Some of the apps have good reviews; they range from low installations to some with between 1,000 and 5,000 victims.

20160504 Android 2

One application loads a web view with content from different sources that could offer some value to the victim, gaining some credibility with users.

20160504 Android 3

To appear legitimate, this threat does not immediately execute the malicious payload. Six hours after the first execution or boot (BOOT_COMPLETED) the nightmare starts. Once the process begins, the victim will see unwanted advertisements or fake system updates from hxxp:// every two minutes. These alerts can redirect the victim to download other threats that can compromise the victim’s device and data.

Unlike most sophisticated malicious apps, this one does not hide its behavior; the payload is not encrypted or obfuscated:

20160504 Android 4

McAfee Mobile Security detects this Trojan as Android/Clicker.G!Gen. We have already reported hashes, developer names, and accounts to Google Play. We have also found this malware in third-party markets and have notified them. However, the threat remains active and may be distributed in other markets or by other methods, so we recommend you keep a security solution on your smart phone to avoid infection.

We would like to thank Android Security for promptly responding to our takedown request yesterday.

For more information about McAfee Mobile Security, visit


SHA-256 hash of analyzed sample:

  • 5733210ca0218b5578e95c289b58b92c14639f4e9a29ad07f0e5528dd4cf21b9

Malicious host:

  • hxxp://update-sys-android[dot]com/

One comment on “Android Malware Clicker.G!Gen Found on Google Play

Leave a Comment

Similar articles

You’ve probably heard of the popular video conferencing platform, Zoom. This platform enables its millions of users in various locations to virtually meet face to face. In an effort to enhance user experience and work around changes in Safari 12, Zoom installed a web server that allows users to enjoy one-click-to-join meetings. Unfortunately, a security ...
Read Blog
Since the early ‘90s, Linux has been a cornerstone of computer operating systems. Today, Linux is everywhere — from smartphones and streaming devices to smart cars and refrigerators. This operating system has been historically less susceptible to malware, unlike its contemporaries such as Windows or Mac OS. However, the widespread adoption of IoT devices has ...
Read Blog