Researchers found and reported two apps containing ad-clicking
malware that remained available on Google Play for more than a year.

The notepad app Idea Note and fitness app Beauty Fitness,
created by the developer Idea Master, were in the store for more than a year
and were downloaded about 1.5 million times. Symantec Software Engineer May Ying
Tee believes the reason the apps stayed undiscovered for so long was their use of a
legitimate packer, which complicated any attempt by a security pro to
understand the Android Package Kit’s behavior.

Once the app is downloaded, it posts a notification for the
user to click. Once the user clicks it, Toast is used to display an advertisement.
However, unlike other similar scams, the ad is not hidden, but is drawn
just outside the viewable area of the screen.

“This is done by first creating a Canvas outside the
device’s viewable display such that, technically, the advertisements are drawn
on the device. By using the translate() and dispatchDraw() methods (see Figure
4) the position of the drawings is beyond the device’s viewable screen area
and the user is unable to see the advertisements on their device,” Tee
wrote.

The malware then starts clicking on the displayed, but
unseen, ad, generating revenue.

The primary negative effects are battery drain, data usage
and slower performance on the device due to the incessant clicking.

Once reported, the apps were promptly removed by Google.