A Trojan Clicker has been found by Malwarebytes on Play Store!

Recently, Security Researchers of Malwarebytes have found a “Trojan Clicker” in an Android application, which is available on Google Play Store in free. It is a Russian Application actually and on many third party application stores, its regional version is also available. The name of the application is “Mayis Guzel Aydir”. Its translated version is available on the play stores with name “May Beautiful Overnights”.

Brief Information about “Mayis Guzel Aydir” Application

The authors behind this application are very smart. When user will install this application, a home screen will appear. It will take some time for starting its working process and at the end it will give an error message. User will uninstall this application immediately, because it will irritate the user. But it doesn’t matter, if you are uninstalling the app or not. Because it is a trick, which has been used by bad actors for installing malfunctioned files into the device of victim. During that loading process, the application is actually installing malfunctioned files into the program files of device. Uninstalling the app will not be a solution of this problem, because the damage has been done by the app already.

How it Works?

It is a “Porn Clicker Trojan”. The malicious files installed by this application will produce adult “Pop-Ups” on victim’s device. It will show free signups “Pop-Ups”. When user clicks on it, it will redirect the user on other third party malicious websites. The purpose of its authors behind the development of this application, is getting more revenue on the basis of “Pay-Per-Click”. More the victims will click on the Pop-Ups, more the scammers will get paid.

Security Researchers of Malwarebytes have found OnCreate() Javascript function in malicious coded files. This function is capable to choose websites randomly, on which Pop-Up will redirect the victim. A list of third party websites is available in the malicious files, for which scammers are getting revenue through Pay-Per-Click. In simple words, “When You will click on that Pop-Up, Scammers will get revenue because you are visiting their website. But for you, there will be adult links only which are malicious too.”

Conclusion

Android application “Mayis Guzel Aydir” is a “Porn Clicker Trojan” , which has been used by hackers for getting revenue on the basis of “Pay-Per-Click”. This application has more than 6,000 downloads with 3.2 ratings. Many other applications are available on Play Store with same name but with different versions. For eg. “Mayis Guzel Aydir 2”, “Mayis Guzel Aydir 2.1” etc. Users have to check every application carefully before installing it. Check reviews for that application and Google about that application. Never install applications form third party App Stores.

Source: Malwarebytes