Check Point experts have identified a new family of malware in the Google Play Store. It was installed in 56 Google Play Store apps that have been downloaded almost a million times by users worldwide. 24 apps among the damaged 56 are children's games, as well as utilities such as calculators, translators, cooking apps and others. As it is specified, applications emulate the behavior of a real user.
Tekya malware uses the MotionEvent mechanism in Android that simulates a click on an ad banner (first discovered in 2019) to simulate user actions and generate clicks.
Imitating the actions of a real person does not allow the program or a third-party observer to understand the presence of fraud. This helps hackers to attack online stores, make fraudulent ads, promote advertising, promote sites in search engine results, and also serve to carry out banking operations and other illegal actions.
During the research, Tekya went unnoticed by the VirusTotal and
Google Play Protect programs.
Hackers created copies of official popular apps to attract an
audience, mostly children since most apps with Tekya malware are
children's games.
However, the good news is that all infected apps have already
been removed from the Google Play.
This case shows that malicious app features can still be found in
Google Play. Users have access to almost 3 million apps in the
Google Play Store, and hundreds of new ones are downloaded daily,
making it difficult to check the security of each individual
app.
Although Google is taking steps to ensure security and prevent malicious activity on the Google Play Store, hackers are finding ways to access users' devices through the app store. So, in February, the Haken family of malware was installed on more than 50 thousand Android devices through various applications that initially seemed safe.
Read more https://www.ehackingnews.com/2020/03/check-point-56-apps-from-google-play.html
