More than 50 Android apps on the Google Play Store—most of which were designed for kids and had racked up almost 1 million downloads between them—have been caught using a new trick to secretly click on ads without the knowledge of smartphone users.
Dubbed “Tekya,” the malware in the apps imitated users’ actions to click ads from advertising networks such as Google’s AdMob, AppLovin’, Facebook, and Unity, cybersecurity firm Check Point Research noted in a report shared with The Hacker News.
“Twenty four of the infected apps were aimed at children (ranging from puzzles to racing games), with the rest being utility apps (such as cooking apps, calculators, downloaders, translators, and so on),” the researchers said.
While the offending apps have been removed from Google Play, the find by Check Point Research is the latest in an avalanche of ad fraud schemes that have plagued the app storefront in recent years, with malware posing as optimizer and utility apps to perform phony clicks on ads.
Malware Abuses MotionEvent API to Simulate User Clicks
Stating that the campaign cloned legitimate popular apps to gain an audience, the newly discovered 56 apps were found bypassing Google Play Store protections by obfuscating its native code and relying on Android’s MotionEvent API to simulate user clicks.
Once an unwitting user installed one of the malicious apps, the Tekya malware registers a receiver, an Android component that’s invoked when a certain system or application event occurs — such as a device restart or when the user is actively using the phone.
images from Hacker News