Tekya Auto-Clicker Malware Hides in Dozens of Children’s and Utility Apps

Tekya Auto-Clicker Malware Hides In Dozens Of Children's And Utility Apps

Cybersecurity experts at Check Point Research discovered a specific type of malware, dubbed Tekya, hiding in dozens of children’s and utility apps. In total, 56 Android applications are affected, 26 of which target children. Between them, the applications have been downloaded hundreds of thousands of times. After being notified by Check Point’s researchers, Google removed the apps from their store earlier this month.

Malicious Apps Hard to Stop

Google continues to strengthen their policies and efforts to keep malicious apps out of their Play Store. In fact, Google has stopped over 790,000 app submissions before they were ever published. On top of that, they also offer Google Play Protect, which is a built-in malware protector for Android devices.

Nonetheless, hackers are still finding ways into the Play Store and user’s devices. Recently, cybersecurity researchers at Check Point Research were able to identify a new malware family. The malware, dubbed Tekya, was detected in 56 apps ranging from cooking apps, calculators and translators to apps specifically designed for children such as racing games and puzzles. Some weren’t just benign looking applications but actual clones of legitimate apps.

Tekya Imitates User Actions

The new malware family is able to alter Androids’ native code, which is configured to run only on Android devices. As a result, Tekya avoids detection by Google Play Protect. On top of that, Tekya also went undetected by antivirus products such as VirusTotal.

Once installed, the malware utilizes the MotionEvent functionality on Android phones to simulate users tapping on ads and banners. This is to create false clicks to generate revenue from ad agencies like Google’s AdMob, Facebook, AppLovin’ and Unity. This is known as “mobile ad-fraud”.

Infected Apps Need Manual Removal

After being notified, Google immediately removed the malicious apps from their store. However, users who have already installed one or more malicious apps need to manually remove them and ensure that they have installed the latest security patches. Check Point published the full list of infected apps on their website.

Good to know: a sudden rise in data and battery usage or a phone that starts lagging, is usually a sign that something is amiss. This is because the malware is constantly using the device. If you recently installed an app, this might be the culprit. Several tools are available to better protect your privacy on your smartphone.

IT communication specialist
Sandra has many years of experience in the IT and tech sector as a communication specialist. She's also been co-director of a company specializing in IT, editorial services and communications project management. For VPNoverview.com she follows relevant cybercrime and online privacy developments.