It’s a familiar story: Security researchers find apps in Google’s Play Store that are infected with some sort of malware, which eventually get pulled. Well, it’s happened again. This time, a new type of malware dubbed Tekya was discovered farming ad clicks to earn money in 56 apps, of which 24 were aimed at kids.
The malware was discovered by researchers from Check Point Software. In a blog, the researchers noted the Tekya malware basically takes advantage of Android’s MotionEvent actions to imitate users as if they were clicking on ads and banners from Google’s AdMob, App Lovin’, Facebook, and Unity.
The 24 infected apps aimed at kids were mostly clones of popular puzzle and racing games. The rest were innocuous-seeming utility apps like calculators, translators, and cooking apps. In total, Check Point researchers estimate the 56 apps had amassed nearly 1 million global downloads.
Although Google has improved security measures for the Play Store over the last few years, it’s still has a ways to go. In a blog from February, Google noted that it had prevented 790,000 apps that violated its Play Store policies before they were ever made available to users. It also noted its Google Play Protect software had prevented more than 1.9 billion malware installations from non-Google Play sources in 2019. That’s objectively good, but what’s troubling here is Check Point’s researchers found Tekya went undetected by both antivirus product VirusTotal and Google Play Protect. Meaning, while Google Play security has improved, users can’t rely on it alone.
A good step is to check the full list of infected apps at the bottom of Check Point’s blog—and if you have any of them, uninstall them. After, you might want to invest in some sort of mobile security software to prevent this sort of thing from reoccurring. Barring that, it’s important to keep up to date on security updates for both Android and your installed apps.