Researchers find malware in Play Store with million users

Get a free Techzine subscription!

Cyberfirm Check Point has alerted Google after researchers found 56 apps on the Play Store that contained malware. Altogether, the apps would have been downloaded almost a million times.

The malware family, named Tekya, would be used to imitate clicking on advertisements. Ads from, among others, AdMob (Google), Facebook and Unity could be found by the malware.

Of the 56 apps found in the Play Store (accounting for almost a million downloads), 24 were games aimed at children and 32 were an app for certain standard use cases: calculators, downloaders and cooking apps.

Once downloaded, the malware (hidden in the adopted code of legitimate application) would use MotionEvent in Android (available from 2019) to imitate a user and thus generate clicks. According to the researchers, the malware managed to stay under the radar of Google Play Protect and VirusTotal. In the meantime, the apps have been removed from the Play Store.

The researchers do stand up for Google by stating that ‘with almost three million apps in the Play Store, it is incredibly difficult to check every app. Users can therefore not only count on Google’s security measures if they want to keep their mobile safe’.