Google's security measures failed to find Android malware in Play Store
More than 50 apps were infected by malware designed for ad fraud.
Google may have introduced a number of security measures to prevent malicious apps from appearing in the Play Store, but they're not watertight. New analysis from Check Point shows that earlier this year, malware was lurking within 56 apps that had been downloaded almost one million times worldwide – its objective, to commit mobile ad fraud.
The malware, named "Tekya", imitated the user's actions in order to click ads and banners from agencies suh as AdMob, AppLovin', Facebook and Unity. The affected apps included utility apps such as cooking apps and calculators, and apps aimed at kids, such as puzzles and racing games.
Tekya was able to go undetected for so long because it hid in Android's native code -- code that's designed to run only on Android processors. As such, the malware avoided detection by Google Play Protect, the system designed to keep Android safe. The malware was removed by Google in early March, after Check Point disclosed its findings to the company.
Considering the Play Store is home to more than two million apps, 56 being affected in this way represents a very small sample. However, it does demonstrate that Google's security efforts aren't fool-proof. As such, Check Point's manager of mobile research, Aviran Hazum, recommends keeping devices up to date with the latest security patches, and installing a reputable security solution to prevent future infections.
