Security researchers at Check Point have uncovered malicious software hidden in several Android apps, which jeopardizes the user’s personal data, such as credentials, emails, text messages, and geographical location.
The malicious apps, which have been cleverly designed to look typical and harmless to dupe the user, have been downloaded by almost one million people from the Google Play Store, on smartphones and tablets.
In a statement made on its website, Check Point claims the “vulnerability impacts phones from Samsung, Huawei, LG, and Sony”.
How does the malware work?
Malware called ‘Tekya’ is present within these apps. It is designed to commit mobile ad fraud by accessing a user’s clicking habits, location and text messages, and by using the ‘MotionEvent’ feature in Android devices, which was introduced in 2019, to click on app adverts which seem relevant to the user. This generates an illegitimate profit for the app creators.
The adverts being targeted, without the knowledge of the user, are from agencies such as Google’s AdMob, Facebook, AppLovin and Unity. The apps also swarm the user’s device with several pop-up ads, even while the user is not using the app.
All of this extra activity can damage the performance of an Android device and drain its battery life.
What types of apps contained the malware?
Researchers for Check Point stated, “This campaign cloned legitimate popular applications to gain an audience, mostly with children, as most application covers for the malware are children’s games.”
Specifically, 24 out of the 56 apps named as hazardous in their latest report were targeted at children.
These apps disguised themselves as puzzle or racing games, while the remaining 32 apps consisted of utility and productivity apps, such as calculators, weather apps, document scanners and translators, as well as cooking apps.
You can find the full list of offending apps at the end of this article.
How did the malware go undetected?
Tekya obscures the app’s code in order to avoid detection by Google’s malware scanner, Google Play Protect.
Clicking on relevant adverts and hijacking the ‘MotionEvent’ feature, introduced in Android devices in 2019, also helps the malware’s activities to go undetected.
In a statement on their website, Check Point said, “Although Google has taken steps to secure its Play store and stop malicious activity, hackers are still finding ways to infiltrate the app store and access users’ devices.”
How do I get rid of this malware?
All of these infected applications have now been removed from Google Play to prevent further downloads. However, the apps will remain on your phone until you delete them manually.
Which apps are causing the problems?
The following apps have been listed by researchers as containing the malware:
Folding Blocks Origami Mandala
Multi Translate Threeinone
Michimocho Video Downloader
Fortuneteller Tarotreading Horo