A threat on the Google Play Store has been downloaded to 1.7 million devices. It hid in more than 56 apps, many of them aimed at children: a real danger on the loose in Google's app store.
Threat on Google Play Store leverages apps for kids
Called Tekya, it is a family of malware that generates fraudulent clicks on ads and banners delivered by agencies such as Google's AdMob, AppLovin, Facebook and Unity. To give the clicks an air of authenticity, the code makes infected devices use Android's "MotionEvent" mechanism to mimic legitimate user actions. When investigators at security company Check Point discovered the problem, they found that the dangerous apps were not detected by VirusTotal or Google Play Protect. 24 of the apps that contained Tekya were intended for children. Google removed the 56 applications after Check Point's warning.
To make the malicious behavior more difficult to detect, the apps were written in Android's native code, usually in the C and C++ programming languages.
Separately, antivirus maker Dr.Web announced on Tuesday the discovery of an undisclosed number of applications on Google Play that had been downloaded more than 700,000 times and contained malware called Android.Circle.1. The malware used code based on the BeanShell scripting language and combined adware and click-fraud functions. The malware could also be used to carry out phishing attacks.
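A triage check for the two points above (synthetic MotionEvent clicks and logic moved into native libraries), added here as an example; it is not code from Check Point or from the apps. It assumes the native code reaches MotionEvent through JNI, so the class descriptor appears as a plain string in the .so file; the file names and the sample APK are constructed.

```python
import io
import zipfile

# JNI names Java classes with '/' separators, so a native library that
# drives MotionEvent through JNI normally carries these byte strings.
INDICATORS = {
    "motion_event_class": b"android/view/MotionEvent",
    "obtain_call": b"obtain",                  # MotionEvent.obtain(...)
    "dispatch_call": b"dispatchTouchEvent",    # View.dispatchTouchEvent(...)
}


def scan_apk(apk_bytes):
    """Return {so_path: [indicator names]} for native libraries that
    reference MotionEvent plus at least one synthesis/dispatch method."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            # Only native libraries are in scope; DEX code is ignored here.
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            data = apk.read(name)
            hits = sorted(k for k, needle in INDICATORS.items()
                          if needle in data)
            if "motion_event_class" in hits and len(hits) > 1:
                findings[name] = hits
    return findings


def build_sample_apk():
    """Constructed sample: a zip with fake .so blobs (not real ELF files)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("lib/armeabi-v7a/libclicker.so",
                   b"\x7fELF\x00android/view/MotionEvent\x00"
                   b"obtain\x00dispatchTouchEvent\x00")
        z.writestr("lib/armeabi-v7a/libphysics.so",
                   b"\x7fELF\x00gravity\x00collide\x00")
        z.writestr("classes.dex",
                   b"dex\n035\x00android/view/MotionEvent obtain")
    return buf.getvalue()


if __name__ == "__main__":
    for path, hits in scan_apk(build_sample_apk()).items():
        print(path, hits)
```

A hit is a lead for manual review, not a verdict: libraries with encrypted or runtime-built strings will not match, and legitimate native code can reference the same class.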
Dr.Web’s alert did not mention all the applications that contained Android.Circle.1.
And now that the malicious applications have been removed?
Android devices automatically remove applications that are considered malicious, but the mechanism does not always work as expected. That is why we must always be very careful with what we install. Reading the comments for a particular app is also a good idea. It is better to be careful when installing applications than to face surprises afterwards, some of which are very difficult to remove.