Over 50 Android apps on the Google Play Store have been caught using a new trick to secretly click on ads without the knowledge of smartphone users. The ad-fraud malware lurks in dozens of children’s and utility apps. In total, these apps have almost one million installations worldwide.
A team of researchers from Check Point recently discovered the malware, dubbed Tekya, which imitates users’ actions to click ads from advertising networks such as Google’s AdMob, AppLovin, Facebook, and Unity.
The 56 applications that contain the Tekya malware target a younger audience, as they are mainly puzzle and racing games. The rest of the infected apps are utility apps such as calculators, translators and downloaders. Google has since removed the infected offerings.
“Malicious apps are still finding their way onto Google Play,” Check Point warned last month when its researchers had just alerted to the continued threat of Joker malware as well as the new Haken clickers.
“The Tekya malware family went undetected by VirusTotal and Google Play Protect,” Check Point says. The malware’s operators decompiled and cloned genuine, popular apps, which were then renamed and put back onto the store with the mobile adware included.
According to researchers, once an infected app is installed, it registers a receiver, “us.pyumo.TekyaReceiver,” for multiple actions. These actions include: “BOOT_COMPLETED” to allow code running at device startup; “USER_PRESENT” to detect when the user is actively using the device; and “QUICKBOOT_POWERON” to allow code running after device restart.
When the receiver detects these events, it loads a native library named “libtekya.so” that includes a sub-function called “sub_AB2C,” which creates and dispatches touch events, mimicking a click via the MotionEvent API.
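As an added triage example (not Check Point's code and not taken from the malware), the indicators described above can be checked against an app's manifest and file listing. It assumes the manifest has already been decoded to text XML with a tool such as apktool; the function names and the sample data are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Indicators taken from the article; short action names as the page gives them.
TEKYA_RECEIVER = "us.pyumo.TekyaReceiver"
TEKYA_ACTIONS = {"BOOT_COMPLETED", "USER_PRESENT", "QUICKBOOT_POWERON"}
TEKYA_LIB = "libtekya.so"

def receiver_findings(manifest_xml):
    """List (receiver, reason) for receivers matching the reported name or
    subscribing to all three reported actions (a triage signal, not proof)."""
    findings = []
    for rcv in ET.fromstring(manifest_xml).iter("receiver"):
        name = rcv.get(ANDROID + "name", "")
        # Compare on the last component, e.g. android.intent.action.USER_PRESENT
        actions = {a.get(ANDROID + "name", "").rsplit(".", 1)[-1]
                   for a in rcv.iter("action")}
        if name == TEKYA_RECEIVER:
            findings.append((name, "receiver name"))
        elif TEKYA_ACTIONS <= actions:
            findings.append((name, "action combination"))
    return findings

def native_lib_hits(apk_entries):
    """Return APK entries under lib/<abi>/ whose file name is the reported library."""
    return [p for p in apk_entries
            if p.startswith("lib/") and p.rsplit("/", 1)[-1] == TEKYA_LIB]

# Constructed sample: decoded manifest and APK file listing, not from a real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.sample">
  <application>
    <receiver android:name="example.sample.BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <receiver android:name="example.sample.ClonedReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.USER_PRESENT"/>
        <action android:name="android.intent.action.QUICKBOOT_POWERON"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""
SAMPLE_ENTRIES = ["classes.dex", "lib/armeabi-v7a/libtekya.so", "assets/libtekya.so.txt"]

if __name__ == "__main__":
    print(receiver_findings(SAMPLE_MANIFEST))
    print(native_lib_hits(SAMPLE_ENTRIES))
```

Legitimate apps also register for boot and unlock events, so a match on the action combination alone is a reason to inspect the app further; the receiver and library names are specific to the samples the researchers describe.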
List of apps infected with the Tekya malware:
If you still have these apps installed on your phone, you’ll have to manually remove them immediately.