Connect with us


Tekya auto-clicker malware exploits kids’ Android apps




More than 50 Android apps, including 26 aimed at children, with more than a million downloads between them, have been removed from the Google Play Store, after security researchers at Check Point discovered they contained malicious software. automatic click called Tekya.

Tekya generates money for cybercriminals by committing mobile ad fraud by impersonating a user clicking on legitimate advertisements and banners from legitimate online advertising companies, including Google AdMbo, AppLovin’, Facebook, and Unity . It does this by leveraging Android’s MotionEvent (i.e. touch) input motion reporting mechanism to mimic a human user clicking on an advertisement.

The malware was able to avoid detection and infiltrate the Google Play Store by hiding its malicious intentions in native code configured to run only on Android processors. That means Google’s security system, Google Play Protect, wasn’t able to spot it, and neither was Google. VirusTotal service.

The cloned and infected apps discovered by Check Point ranged from puzzles to racing games, as well as utility apps such as cooking apps, calculators and translators.

“For us, the amount of targeted apps and number of downloads the actor has managed to infiltrate Google Play is staggering,” said Aviran Hazum, head of mobile research at Check Point.

“Combine that with a relatively simple infection methodology, it all comes down to learning that Google Play Store can still harbor malicious apps,” he said. “It’s hard to verify whether every app is safe on the Play Store, so users can’t rely solely on Google Play’s security measures to ensure their devices are protected.”

The team that discovered Tekya, which in addition to Hazum included threat researchers Danil Golubenko and Israel Wernik, disclosed their findings to Google, which removed the malicious apps in early March 2020.

However, with over a million collective downloads, a large number of users will have been compromised. If you suspect that you or your child have downloaded one of the infected apps – which are listed in full on the team’s disclosure blog – you should immediately uninstall it from your device, check that your security patches are completely up-to-date and consider using a mobile security service to detect and prevent future infections.

With children in the UK now confined to their homes during the coronavirus Covid-19 crisis, leading to increased use of devices across the board, parents should take extra steps to monitor and secure all devices used by their children.

With schools unable to take responsibility for educating children about online harm and malicious apps, security training and awareness organization the Sans Institute has released advice on how to keep the Internet safe. kids activity online. The guidance – along with other advice on safe remote working – can be read and downloaded here.

With rogue apps still sneaking into the Google Play Store with alarming regularity and nearly three million apps now available, it’s impossible for a single person to keep abreast of the threat.

As previous Check Point disclosures have shown, Google’s own internal security protections still repeatedly miss the mark, despite a number of recent improvements.

Check Point warned that “users cannot rely solely on Google Play’s security measures to ensure their devices are protected.”