Hide your kids; hide your wives. Security investigators from Check Point Research (opens in new tab) discovered 56 malware-infected Google Play apps. Before Google had a chance to pull them down, users already downloaded the apps one million times; 24 of those apps, Check Point Research discovered, targeted children.
The study -- spearheaded by Israel Wernik, Danil Golubenko , Aviran Hazum -- found that the Google Play Store-based apps were poisoned with Tekya, which is a form of adware. The goal of Tekya, Hazum told Laptop Mag, is to commit mobile-ad fraud.
- Millions of Android phones and tablets vulnerable to attack: What to do
- Popular password managers can get hacked: Should you keep using them?
- Microsoft says 99.9% of accounts get hacked for this reason: How to protect yourself
Some advertisers pay for cost-per-click (CPC) advertising to have their ads splashed on an app. For example, if an advertiser agrees to a $1.50 CPC rate, he or she will pay $1.50 every time a potential customer clicks their ad and visits their site.
"In Tekya's case, the exploitation lies in the CPC (Cost-Per-Click) actions. It imitates the user to generate clicks, thus getting paid by the ad agencies for user interactions with ads that the user didn't do," Hazum told Laptop Mag.
Using Tekya, hackers are hoping to fraudulently drive up their CPC rates and attract ad revenue from platforms such as Google’s AdMob, AppLovin, Facebook and Unity. Nearly half of the discovered Tekya-infected apps were children's games, ranging from puzzles to racing games, to attract kids who may haphazardly download the fraudulent apps.
Tekya obscures native code to slip underneath Google Play Protect's radar and utilizes a mechanism called MotionEvent (introduced in 2019) to emulate user clicks and generate ad income. As a result, it was available and downloadable for unwitting Google Play users.
The researchers also found that hackers cloned popular applications to attract a large audience, particularly children. But there is some good news -- these infected apps have been removed from Google Play. However, with hundreds of new apps uploaded onto the Google Play Store daily, it's difficult to track whether each app is safe.
"Users cannot rely on Google Play’s security measures alone to ensure their devices are protected," Check Point Research wrote on its blog post.
Hazum told Laptop Mag how Google Play users can protect themselves from Tekya malware.
"In order to protect your devices, you need a security solution installed," Hazum said. "The same way that you have a security solution on your PC, you need one for your device. ZoneAlarm by CheckPoint would be my recommendation."