How Mobile Ad Fraud actors evade Google Play Protect with Tekya Clicker



Ad fraud is a practice in which bad actors exploit the advertising system to deliver unsolicited ads, effectively stealing advertising funds from enterprises.

The practice is increasingly finding its way into the mobile ecosystem: over 50 apps on the Google Play Store, with about a million downloads, have been caught using new tricks to secretly self-click ads without the knowledge of smartphone owners, according to security firm Check Point.

The ad fraud actors use a piece of malware called "Tekya", which runs inside the apps and imitates users' actions by clicking ads from ad networks like Google’s AdMob, AppLovin, Facebook, and Unity.

How the Mobile Ad Fraud actors evade Google Play Protect



Tekya obfuscates its native code to avoid detection by Google Play Protect, which is part of Android's built-in defense system against malware, and uses the ‘MotionEvent’ mechanism in Android to imitate the user’s actions and generate ad clicks.
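From the defender's side, an ad SDK or telemetry pipeline can check whether a tap looks like it came from a physical touchscreen. The following is an added example, not code from the article or from Check Point, and it does not describe Tekya's actual events: the `Touch` record and its field names are hypothetical (they mirror `MotionEvent` getters), the samples are constructed, and the assumption is that events created inside an app typically carry default values such as device id 0.

```python
from dataclasses import dataclass

# Values of the Android constants InputDevice.SOURCE_* and MotionEvent.TOOL_TYPE_*
SOURCE_UNKNOWN = 0x0
SOURCE_TOUCHSCREEN = 0x1002
TOOL_TYPE_UNKNOWN = 0
TOOL_TYPE_FINGER = 1

@dataclass
class Touch:
    """One logged tap; hypothetical record mirroring MotionEvent getters."""
    device_id: int   # getDeviceId(): 0 means no physical input device
    source: int      # getSource()
    tool_type: int   # getToolType(0)
    pressure: float  # getPressure()
    size: float      # getSize()
    down_ms: int     # time of ACTION_DOWN
    up_ms: int       # time of ACTION_UP

def synthetic_signals(t: Touch) -> list[str]:
    """Return the reasons a tap looks app-generated rather than hardware-generated."""
    signals = []
    if t.device_id == 0:
        signals.append("device_id=0 (no physical input device)")
    if t.source == SOURCE_UNKNOWN:
        signals.append("source=SOURCE_UNKNOWN")
    if t.tool_type == TOOL_TYPE_UNKNOWN:
        signals.append("tool_type=TOOL_TYPE_UNKNOWN")
    if t.pressure == 1.0 and t.size == 1.0:
        signals.append("default pressure/size")  # weak: some panels report 1.0
    if t.up_ms - t.down_ms <= 0:
        signals.append("zero-length press")
    return signals

def is_suspect(t: Touch, threshold: int = 2) -> bool:
    """Flag a tap only when several independent signals agree."""
    return len(synthetic_signals(t)) >= threshold

# Constructed samples, not captured from any real device or malware.
REAL_TAP = Touch(4, SOURCE_TOUCHSCREEN, TOOL_TYPE_FINGER, 0.62, 0.03, 1000, 1085)
INJECTED_TAP = Touch(0, SOURCE_UNKNOWN, TOOL_TYPE_UNKNOWN, 1.0, 1.0, 2000, 2000)
FLAT_PANEL_TAP = Touch(3, SOURCE_TOUCHSCREEN, TOOL_TYPE_FINGER, 1.0, 1.0, 3000, 3070)

if __name__ == "__main__":
    for name, tap in [("real", REAL_TAP), ("injected", INJECTED_TAP), ("flat", FLAT_PANEL_TAP)]:
        print(name, is_suspect(tap), synthetic_signals(tap))
```

These fields can be set by the app that creates the event, so a clean result proves nothing; treat the score as one input alongside click-rate and impression-to-click timing checks.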

According to the researchers, the Tekya malware went undetected even by well-known scanning tools such as VirusTotal and Google Play Protect, which ultimately made it available for download in over 50 applications on the Google Play Store.

The ad fraud campaign seems to clone legitimate popular applications to gain a larger audience. These are mostly kid-friendly apps, with the larger share of the applications running Tekya malware being children’s games.

How to protect your Device from Tekya malware



This ad fraud campaign highlights once again that the Google Play Store can still be tricked into hosting malicious apps. With nearly 3 million apps available on the store, it is difficult to manually check that every app is safe.

Therefore, users should not rely on Google Play’s security measures alone to ensure that their devices are protected. If you suspect that your device has any of the infected apps, quickly uninstall the application from your device, and make sure your device's operating system and apps are up to date.

Furthermore, enterprises should make sure that the devices used by their employees are free from malware by enforcing the use of antivirus software to secure them against sophisticated mobile attacks.
