Although Google enforces some tough policies on app developers to keep the Play Store safe, it never remains so. Once again, criminal hackers managed to bypass Google’s policies and flood the Play Store with malicious Android apps. This time, they targeted users with Tekya malware distributed via numerous apps with almost 1 million downloads.
Tekya Malware In Malicious Android Apps
Researchers from Check Point Research have found more Android malware targeting users via the Google Play Store. They found multiple Android apps that looked safe but actually contained Tekya malware.
Elaborating on their findings in a post, the researchers stated that they observed around 56 apps on the Play Store exhibiting malicious behavior. Of these, 24 were specifically aimed at children, impersonating various kids’ apps such as games and puzzles. The remaining apps impersonated utility apps such as calculators, translators, cooking apps, etc.
Once a user downloads one of these apps, the malware installs and executes on the target device. While the technical details of Tekya are available in the researchers’ post, in brief, it primarily serves ad fraud purposes.
With the goal of committing mobile ad fraud, the malware – dubbed ‘Tekya’ – imitates the user’s actions in order to click ads and banners from agencies like Google’s AdMob, AppLovin’, Facebook, and Unity.
To evade detection by Google Play Protect, the malware obfuscates the native code. It then leverages the ‘MotionEvent’ feature on Android phones to imitate the victim’s actions and generate clicks.
Together, these malicious Android apps had about 1 million downloads in total. In other words, these apps potentially put the security of around 1 million users at risk.
Apps Removed, But Threat Remains
Check Point researchers have confirmed that Google has removed all the malicious apps detected in their study. The developers also removed a couple of those apps from the Play Store. So, at present, users are safe from Tekya malware.
Nonetheless, this doesn’t mean that the threat is over. At any point, cybercriminals may flood the Play Store with malicious apps to spread other malware, especially unknown ones like Tekya, which remained undetected by VirusTotal and Play Protect. As stated by the researchers,
There are nearly 3 million apps available from the store, with hundreds of new apps being uploaded daily – making it difficult to check that every single app is safe. Thus, users cannot rely on Google Play’s security measures alone to ensure their devices are protected.