Android devices are at risk of being hit by a new wave of malware attacks, including one downloadable from the Google Play Store, according to an alert from cyber security firm Stealthcare.
Malware dubbed HeroRAT can be distributed via a remote access trojan that abuses the telegramprotocol, enabling hackers to gain command and control (C2) for data exfiltration.
Hackers avoid detection because the traffic is between the user and trusted upload servers.
Additionally, the advanced battery saver application that users can download from the Google Play Store is "laced with functionality to steal information and silently click advertisements", said the company.
"The app propagates via pop-up messages that redirect users to its Play Store landing page," said Stealthcare CEO, Jeremy Samide, in a statement.
"The ad clicking component is obviously designed to generate revenue for the operators, but it remains unknown how the operators plan to leverage stolen information from the over 60,000 users who have so far been infected."
Samide said that Android is an attractive target because it is the dominant operating system globally, and many of its users run outdated versions of it on their smartphones, tablets and other devices.