A variant of Android/Trojan.FakeApp is stealing the identities of popular applications (apps) such as TrueCaller and Torque Pro. As soon as the FakeApp is installed a shortcut with an icon stolen from one of these popular apps is created, and a notification pops up. The notification also appears whenever the shortcut icon is clicked.
We’ve discovered a Trojan clicker on the Google Play store doing far more than advertised. The app name in Turkish is “Mayis Guzel Aydir”, which roughly translates to “May is a Beautiful Month”. Clicker App / When you open the app, the full-screen eyeball gives off a definite 2001: A Space Odyssey vibe.
We take a close look at the functionality of a new variant of the DNS-changer adware family. Especially the use of encoded scripts as a way to bypass the Powershell execution protection.