Evina has been observing a new ad and subscription bot family on Google Play. After Joker, it is a new malware family targeting carrier billing and advertising. This type of fraud is becoming increasingly widespread and is now able to bypass Google’s detection system.
The malware, named Venus after the class that executes the fraud, simulates interaction with ads and subscribes the user to premium services without the user noticing. The browser is fully invisible while the fraud is ongoing.
The Venus malware has been attacking since late October and has reached the following countries: Belgium, France, Germany, Guinea, Morocco, Netherlands, Poland, Portugal, Senegal, Spain, and Tunisia.