Skinner is Android adware that was found on the Google Play Store by Check Point researchers in March 2017. It is sophisticated adware, using its author’s own code, making reverse engineering difficult. It is disguised in the application’s modules, hidden in layers of obfuscated code. The malware conducts a series of checks, including if the user has opened the app, if there are known debuggers and hardware emulators, and if the app it launches from was installed from the Google Play Store. Skinner will then collect data from the infected device, send it to its C2 server, and wait to receive ads. It displays ads based on the type of app running. Skinner is the the first Android malware variant capable of tailoring ads to its victims. Skinner was present within one app on the Google Play Store for two months before being discovered. It was downloaded approximately 10,000 times.

Technical Details

• Check Point provides technical details on the Skinner adware, here.