Click-Fraud Malware Found in More than 50 Play Store Apps

Researchers at Check Point have identified an auto-clicker malware family operating within Google’s Play Store, via BetaNews.

The malware known as Tekya commits mobile ad fraud by imitating the actions of a user, clicking ads and banners from ad agencies like Google’s AdMob, AppLovin, Facebook and Unity. It was found disguised in over 56 apps and was downloaded over 1-million times globally.


It was found disguised in over 56 apps and was downloaded over 1-million times globally.
Click To Tweet


24 of the infected apps targeted children, ranging from puzzle games to racing games. The rest of the infected apps were targeted at users of utility applications, such as cooking, calculator, download and translator apps.

Tekya managed to infiltrate the Play Store by hiding in native code – code that runs only on Android processors. This meant that Tekya was able to avoid detection from Google Play Protect, a system designed to purge the Play Store of malware.

“To us, the amount of applications targeted and the sheer number of downloads that the actor successfully infiltrated into Google Play is staggering,” says Check Point’s manager of mobile research, Aviran Hazum.

“Combine that with a relatively simple infection methodology, it all sums up to the learning that Google Play Store can still host malicious apps. It is difficult to check if every single application is safe on the Play Store, so users cannot rely on Google Play’s security measures alone to ensure their devices are protected.”

Google Play Protect

In an effort to crackdown on the malicious applications on its Play Store, Google began the Google Play Protect programme.

According to the search and multimedia titan, Google Play Protect “scans over 100-billion apps every day, providing users with information about potential security issues and actions they can take to keep their devices safe and secure”.

Google Play Protect even prevented malware from installing in non-Google Play sources, a total of 1.9-billion installs.

Check Point says that if you think you may have downloaded an infected app you should uninstall it from the device, make sure you are up to date with the latest security patches and install a security solution to prevent future infections.

Edited by Luis Monzon

Follow Luis Monzon on Twitter

Follow IT News Africa on Twitter

Click here to discuss this article.

Leave a Reply