The COVID-19 pandemic isn’t just an opportunity for some to finally embrace the work from home life, it is also an opportunity for hackers to exploit people’s newfound dependence on the Internet and apps. Of course, it does seem that it’s business as usual for Android users as news of yet another malware sneaking into Google Play Store surfaces. Given how it has targeted even children’s games, it’s a worrying precedent that needs to be nipped at the bud immediately.
The Tekya malware, as security researches at Check Point Research have called it, surprisingly employs code obfuscation to hide its presence from anti-malware programs, including Google Play Protect. It got through undetected in 56 apps, 24 of which were aimed to keep kids preoccupied and tapping away to their hearts’ content.
Unfortunately, that’s exactly what this malware wants people to do. Tekya is designed for getting users to clicks on what they think are legitimate actions. Instead, they are clicking ads on Google, Facebook, and others, generating revenue for the malware authors but at the user’s expense. Kids, of course, are completely unaware of this as are their parents or guardians who unwittingly download a clone of a game or app.
Check Point goes into more detail about the surprisingly simple method Tekya uses to bypass anti-malware protections. It also lists the 56 apps that were cloned from their originals to trick people into installing previously tested apps. All of these have reportedly been removed already but it does highlight Google Play Store’s seemingly never-ending problem.
Google naturally pushes its Play ecosystem, particularly Play Store and Play Protect, as necessary parts of the Android experience. They promise a safe experience that justifies the company’s process for certifying phones. Instances like this, however, deal a blow to the platform’s credibility, perhaps causing some users to doubt Google Play Store entirely.