A total of 56 Tekya-infected apps were downloaded a million times by users who trust in the software innovation giant.

New auto-clicker malware hidden in Android’s native code has been discovered even in children’s apps on Google Play Store.

Downloaded over 1,000,000 times globally, the malware imitates actions of users to commit mobile ad fraud for fraudulent financial gain. It was lurking in a total of 56 applications, 24 of which were children applications, but has gone undetected by Google because it was hidden in Android’s native code.

Researchers at Check Point Research have identified the auto-clicker malware dubbed “Tekya” which tricks users into clicking on ads and banners from ad agencies like Google’s AdMob, AppLovin’, Facebook, and Unity. Applications containing Tekya included utility applications for cookery, calculators, download management, and translations. Twenty-four of the infected applications targeted children, ranging from puzzles to racing games.

The end-goal of Tekya is to generate fraudulent financial gain by generating huge numbers of clicks on ads and banners without the user’s knowledge.

Undetected by Google

Tekya infiltrated Google Play Store by hiding its malicious intentions in native code—code that is configured to run on only Android’s processor. As a result, Tekya was able to avoid detection by Google Play Protect, a system designed by Google to, ironically, keep Android safe from front to back.

Researchers at Check Point responsibly disclosed their findings to Google. Google was able to remove the threat from the Play Store by early March 2020. The question is, can we ever trust Google Play Store and Play Protect?

Check Point’s Manager of Mobile Research, Aviran Hazum commented: “To us, the number of applications targeted and the sheer number of downloads that the actor successfully infiltrated into Google Play is staggering. Combine that with a relatively simple infection methodology—it all sums up the fact that Google Play Store can still be an unwitting host of malicious apps. It is difficult to check if every single application is safe on the Play Store, so users cannot rely on Google Play’s security measures alone to ensure their devices are protected.”

Trust only your own app security discipline

There are nearly three million apps in the Google Play Store, with hundreds of new apps being uploaded daily—and we know now that we cannot trust even Google to protect users.

Therefore, exercise extreme caution when installing apps, and use a good cybersecurity app that monitors suspicious background activity in your device. If you suspect you may have one or more of these infected apps on your device, hunt them down and delete them, and make sure your device has the latest Android security patches and updates.