A new family of Android click-fraud trojans is using TensorFlow machine learning models to autonomously detect and interact with online advertisements. Instead of relying on pre-defined scripts, these malware variants analyze visual elements in real-time via screenshots to simulate legitimate user clicks. This AI-driven approach makes the fraud more effective and adaptable against modern, dynamically changing ads.
The malware operates in two modes: a "phantom" mode that uses a hidden WebView browser to load pages and execute automated clicks, and a "signalling" mode that streams a live video feed to attackers for manual remote interaction. Distributed primarily through Xiaomi’s GetApps store and third-party APK sites, the trojans are hidden within seemingly functional apps, including modded versions of popular services like Spotify and YouTube.
Infected applications, such as "Theft Auto Mafia" and "Cute Pet House," have accumulated tens of thousands of downloads. The covert nature of the attacks means users typically notice only increased battery drain and data usage. To protect themselves, Android users are advised to avoid sideloading apps from unofficial sources, especially modified versions that promise premium features for free.
Read more...