Home Malware Programs Malware Haken

Haken

Posted: February 24, 2020

Haken is a Trojan clicker that creates advertising revenue with fraudulent traffic. Haken runs on Android devices and circulates by bundling itself with otherwise-functional apps, such as games and compass applications. Users should check app reviews for discrepancies related to such attacks and use anti-malware utilities for removing Haken safely.

A Ghost Haunting Your Phone with Unseen Clicks

While it's not bereft of security, the Google Play store's prominence as a central hub for app distribution makes it an increasingly-favored target by black hat programmers circulating profit-seeking threats. 'Deliverymen' Trojans like Necro, ad injectors like Agent Smith and the newest Trojan clicker, Haken, all make their home there. While recent applications hosting the last of these three dangers are no longer up, Haken has compromised over fifty thousand Android devices in the meantime.

The confirmation of Haken's presence on the store coincides with renewed, similar exploits by Joker, a separate family with equally profit-based attacks. Typical disguises for Haken include fully-working applications, such as compass tools or various children's' games, which also include additional code for running the Trojan. The installation process has a request for additional permissions related to running Haken automatically on startup, which is the earliest and most visible symptom of the app's maliciousness.

After it's running, Haken contacts its C&C server for configuration details, while a second 'worker' component injects code into advertising classes such as Facebook and AdMob. It simulates ad clicking interactivity from users with a reflection-called MotionEvent, which gives revenue to the threat actor for the fake traffic. While malware experts don't rate Haken among the highest-distributed Android Google Play Store Trojans, it is noteworthy that it's achieved tens of thousands of installations before its detection by third-party security companies.

Purifying Your Webpage-Clicking Experience

While malware experts can't confirm any additional features in Haken, some victims are reporting side effects related to Haken infections. The Trojan may access the camera without permission, generate unwanted pop-ups, or instigate performance and stability issues, such as black screens. Whether it does so or not, its presence is an inherent security risk that takes control of the web-browsing experience and device resources away from the owner.

Sufficiently-canny users should check reviews of new applications for potential signs of bundling with Trojans, adware, or other threats of a similar nature to Haken. Although Google does curate its application store and removes infected applications like Haken's hosts routinely, this process isn't a perfect defense. Users also should avoid downloading unofficial applications on non-curated sources, such as unknown websites, particularly.

As a new family of Trojan clickers, Haken's development will almost definitely continue evolving since its discovery. Where there's money to make off of advertisements, criminals will do so, even if it requires them hijacking someone's phone for the purpose.

Loading...