A new malware family has been discovered operating in 56 Google Play applications, which have collectively been downloaded nearly one million times around the world. Dubbed "Tekya," the malware aims to commit mobile ad fraud by imitating user actions to click advertisements.
Check Point researchers say 24 of these infected apps are designed for children; for example, puzzles or racing games. The rest are utility apps: calculators, translators, and cooking apps, for example. Tekya obfuscates native code to evade Google Play Protect detection, and it uses the MotionEvent mechanism built into Android to imitate the user's actions and generate clicks for ads from agencies like Google's AdMob, AppLovin', Facebook, and Unity, researchers report.
The Tekya campaign built its audience by cloning legitimate popular applications, especially children's apps, which were most popular for this particular malware. All of the infected apps have been removed from Google Play. If you think you may have one of these malicious apps on your device, researchers recommend uninstalling the affected app and updating the device's operating system and applications.
Read more details here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Three Ways Your BEC Defense Is Failing & How to Do Better."