56 apps were discovered spreading a new malware

Check Point security experts have identified 56 malicious applications in the Google Play store. Although the Google Play store has malware detection mechanisms, this malware has not yet been identified by Google Play. In addition, none of the antivirus engines on VirusTotal has identified these applications as malware.
The malware, called Tekya Clicker, can carry out malicious activities such as spoofing user activity, stealing information, stealing emails, stealing text messages and accessing the user's geographic location. According to surveys, these apps have been installed on more than a million mobile phones, and users who have installed them should remove them.

The names of these applications in Google Play are:

  • Astronaut race in space
  • Caracal cooking
  • Let me go - leo
  • Biscuitent caculator
  • Pantanal aquawar
  • Pantanal dressup
  • Inferno translator
  • Translate travel map
  • Travel translate
  • Allday translate
  • Stickman parkour
  • Best translate
  • Banzinc littiefarm
  • Best calculate multi function
  • Folding blocks origami
  • Golden cat hill racing
  • Hexa puzzle
  • Ichinyan fashion
  • Maijor cookingstar
  • Major zombie
  • Fastdownloader
  • Cars tiny
  • Stickman warrior
  • PDF reader
  • Splashio
  • Yeyey translate
  • Unblock car puzzle
  • Delicious recipes
  • Multi translate - threeinone
  • Infi translator
  • Rapid snap translate
  • Smart language translate
  • Best translate
  • Block puzzle 2019
  • Magic cuble blast puzzle
  • Image downloader
  • Instant translate
  • Best translate
  • Break tower
  • Spaceship
  • Video downloader
  • Taro treading
  • Titan block flip
  • Ebook reader
  • Swift jungle translate
  • Happy cooking
  • Calculator free
  • Tapsmore challenge
  • Healthy recipes
  • Hexa master
  • Twmedia downloader
  • Burning man
  • Amazing kitchen
  • Wego translate
  • Arplanner sketch plan
  • Quick plan
  • Live translate
  • Calculate pro
  • Smart tools
  • titan yan
  • weather radar
  • Titan translator
  • Scanner measure
  • Artech toolbox
  • Translate toolkit

Researchers found that Tekya malware obfuscates native code to avoid detection by Google Play Protect and utilizes the “MotionEvent” mechanism in Android to imitate the user’s actions and generate clicks.

MotionEvent is a mechanism in Android that is used to report movement events such as mouse, pen, finger and trackball events.

The receiver “us.pyumo.TekyaReceiver” is registered for the following actions:

  • ‘BOOT_COMPLETED’ to allow code running at device startup (“cold” startup)
  • ‘USER_PRESENT’ in order to detect when the user is actively using the device
  • ‘QUICKBOOT_POWERON’ to allow code running after device restart
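The receiver registration described above can be checked during app triage. The following is an added example, not code from Check Point or from the malware: it assumes the receiver is declared in a decoded (text) AndroidManifest.xml, uses a constructed sample manifest with a hypothetical package name, and flags receivers that combine a boot trigger with USER_PRESENT. Legitimate apps can use this combination too, so a hit is a prompt for review, not a verdict.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Short action names from the article; matched on the last dotted component.
BOOT_ACTIONS = {"BOOT_COMPLETED", "QUICKBOOT_POWERON"}
PRESENCE_ACTIONS = {"USER_PRESENT"}
# Constructed sample of a decoded manifest; the package name is hypothetical.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.translate">
  <application>
    <receiver android:name="us.pyumo.TekyaReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.USER_PRESENT"/>
        <action android:name="android.intent.action.QUICKBOOT_POWERON"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".AlarmReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def receiver_actions(manifest_xml):
    """Map each receiver's full class name to the short action names it handles."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    result = {}
    for receiver in root.iter("receiver"):
        name = receiver.get(ANDROID_NS + "name", "")
        if name.startswith("."):  # relative class name: resolve against package
            name = package + name
        actions = {a.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
                   for a in receiver.iter("action")}
        result.setdefault(name, set()).update(actions)
    return result


def flag_receivers(manifest_xml):
    """Return receivers that pair a boot trigger with user-presence tracking."""
    return sorted(name for name, acts in receiver_actions(manifest_xml).items()
                  if acts & BOOT_ACTIONS and acts & PRESENCE_ACTIONS)


if __name__ == "__main__":
    print(flag_receivers(SAMPLE_MANIFEST))
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text before this check can read it.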

The main goal of the malware is to click on ad banners from agencies such as Google’s AdMob, AppLovin, Facebook, and Unity.

To prevent malware infection:

  • Install software from trusted sources (Google Play on Android and App Store on iOS)
  • Pay attention to the permissions requested when installing and running an application, and do not grant permissions that look suspicious given what the application does
  • Pay attention to other users' comments before installing a program
  • Activate the App Scan feature on the Google Play Store to periodically scan the apps installed on your mobile phone
  • Install and use valid and up-to-date anti-malware tools