The firm noted that these applications mimicked users’ actions on Android to serve ads from networks such as Google’s AdMob, AppLovin’, Facebook, and Unity. Hackers took advantage of Android’s MotionEvent actions, which record users’ movement through a pen or finger across the screen, to generate clicks. According to security researchers, Tekya’s code was hidden in the native code of the app, which helped it bypass Google Play Store’s security protocols. After Check Point’s notification, Google removed these apps earlier this month. Aviran Hazum, Manager of Mobile Research at Check Point, noted this incident highlights Google Play Store’s fallacy to stop malware-infected apps: In a blog post published in February, Google said it removed over 790,000 suspicious apps before they were updated to Play Store. However, despite these measures, the Play Store often fails to detect malware-laden apps. Last year, security firm Upstream Systems found adware that was present in 47 applications with more than 78 million users. In February, Check Point revealed Haken family of malware that infected eight apps that had been downloaded over 50,000 times.
