Click-fraud malware found lurking in more than 50 Play Store apps
Researchers at Check Point have identified an auto-clicker malware family operating inside the Google’s Play Store.
Disguised in over 56 applications and downloaded over 1,000,000 times globally, the malware -- dubbed 'Tekya' -- commits mobile ad fraud by imitating the actions of a user, clicking ads and banners from ad agencies like Google's AdMob, AppLovin', Facebook, and Unity.
Of the infected applications 24 targeted children, ranging from puzzles to racing games. The rest of the infected applications targeted users of utility applications, such as cooking, calculator, download, and translator apps.
Tekya infiltrated the Google Play Store by hiding its malicious intentions in native code -- code that is configured to run only on Android processors. As a result, Tekya was able to avoid detection by Google Play Protect, a system designed by Google to keep Android safe.
"To us, the amount of applications targeted and the sheer number of downloads that the actor successfully infiltrated into Google Play is staggering," says Check Point's manager of mobile research, Aviran Hazum. "Combine that with a relatively simple infection methodology, it all sums up to the learning that Google Play Store can still host malicious apps. It is difficult to check if every single application is safe on the Play Store, so users cannot rely on Google Play's security measures alone to ensure their devices are protected."
If you think you may have downloaded an infected app you should uninstall it from the device, make sure you are up to date with the latest security patches and install a security solution to prevent future infections.
Check Point researchers responsibly disclosed their findings to Google which was able to remove the infected apps and the threat from the Play Store by early March 2020.