Two groups of researchers have found two new, distinct types of malware that function similarly and are embedded in a variety of programs that are accessible through different channels. Worst of all, the standard advice to “don’t install apps from strange sites” is less helpful because some of them are even available on the Google Play Store.
Although these two pieces of malware appear to be distinct, they function similarly. They exploit the functions of your phone to click on advertisements nonstop, slowing it down and significantly depleting its battery.
Virtual screens, real ads
Researchers at the mobile security company Dr.Web found the latest recent spyware, which has not yet been named. Bleeping Computer revealed the discovery. This malware makes use of the TensorFlow.js framework that Google distributed with Android phones to enable machine learning operations in browsers.
And it works: when the malware is activated, it creates a virtual (false) screen where it shows and clicks on advertisements. Compared to more traditional ad-clickers, the clicks appear far more natural due to the usage of a machine learning technique. However, it has an equally detrimental effect on your device as earlier malware, with notable effects on battery life and processing speed.
Even worse, the app allows attackers to interact with the fake display as needed by opening a permanent livestream on your device.
Interestingly, Xiaomi’s GetApps software catalog is where the apps originates. Dr.Web claims that the malware is introduced after the apps are uploaded, avoiding all possible security measures.
inevitably, third-party app websites like Apkmody and Moddroid have also been severely compromised by the malware. Researchers assert that both the latter’s Editor’s Choice list and “premium” versions of apps like Spotify that may be accessible on Telegram channels are rife with compromised apps.
