Researchers at Check Point, a well-known cybersecurity firm, recently discovered that a large number of utilities and children’s apps in Google’s Google Play store contain hidden auto-click malware, which has been downloaded more than 1 million times. Earlier this month, Check Point removed the apps after it disclosed its findings to Google.
Check Point found new malware in 56 apps, 24 of which were children’s apps and the rest were utilities such as calculators and translations, according tomedia CNET. Among them, a malware called Tekya can mimic user behavior and automatically click on ads or banner ads to commit ad scams. According to Check Point’ analysis, the malware was not detected by the Google Play store and Google’s antimalware scanner Play Protect.
“Tekya was able to stay undiscovered for a long time because it was hidden in Android’s local code, which was designed to run only on Android processors. As a result, the malware evades detection by Google Play Protect. But there’s no denying that the number of malware infiltrating Google apps and user downloads is staggering,” Said Aviran Hazum, mobile research manager at Check Point, at a press conference Tuesday.
On the evening of February 20th, Google dropped nearly 600 apps containing “disruptive ads” from the Google Play Store and banned its developers from the Google Play Store and its ad network.
Google said, “We define destructive advertising as malicious programs,” including weakening or interfering with the availability of device features, and while ads that are shown to users can only be opened within the app, we are seeing another form of disruptive ad that is increasing, which is called out-of-context advertising. We’ve pioneered a new machine learning-based approach that will detect whether developers are running ads behind their backs when a user’s device is inactive, and we’ll detect all apps. “
On March 19th Google announced a policy change for Android Advanced Protection features for users who want greater security on their devices. These include automatically opening Google Play Protection and restricting app installations from outside the Google Play Store. For those apps that have been installed before, you can still choose to keep them on your device.
“However, the presence of these malwares proves that Google’s security measures are not foolproof. Aviran Hazum said.
Google declined to comment.