Cybercriminals have developed sophisticated Android malware that uses artificial intelligence (AI) to simulate human ad clicks, bypassing traditional behavior-based defenses and defrauding advertisers. The malware uses TensorFlow.js, an open-source library for training and deploying machine learning models in JavaScript, to analyze and interact with advertisements in a manner indistinguishable from genuine user behavior.
The malware operates in a 'phantom' mode: it deploys a hidden WebView-based embedded browser that loads target pages and executes a JavaScript file designed to automate interactions with ad elements. By analyzing screenshots of the virtual browser, the AI model identifies and clicks on advertisements, generating fraudulent ad impressions and clicks. This method lets the malware adapt to varying ad structures, which makes it harder for traditional defenses to detect and mitigate. (bleepingcomputer.com)
Researchers from Dr.Web, a mobile security company, discovered this malware distributed through Xiaomi's official app store, GetApps. The malicious apps, which appeared as legitimate games, were downloaded over 155,000 times. Once installed, the malware operates in the background, consuming device resources and potentially draining battery life due to its continuous fraudulent activities. (bleepingcomputer.com)
This development highlights the evolving tactics of cybercriminals, who are increasingly integrating AI into their malware to enhance its effectiveness and evade detection. Users are advised to download apps exclusively from reputable sources, such as the Google Play Store, and to exercise caution when installing applications from third-party platforms. Regularly updating devices and utilizing comprehensive security solutions can also help mitigate the risks associated with such sophisticated threats.
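For analysts triaging suspect apps, the Python below is an added example (not code from the article, Dr.Web or the malware) that scans an unpacked APK directory for the two artifacts a bundled TensorFlow.js model leaves on disk: a model manifest and a loader call in a script asset. It assumes the model and scripts ship inside the package, which the article does not state; the function names and the sample tree are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Top-level keys of a TensorFlow.js model manifest (model.json).
MODEL_KEYS = {"modelTopology", "weightsManifest"}
# TensorFlow.js loader calls and package name as they appear in script assets.
TFJS_HINTS = re.compile(rb"tf\.loadGraphModel|tf\.loadLayersModel|@tensorflow/tfjs")


def scan_unpacked_apk(root):
    """Return sorted (relative_path, reason) findings under an unpacked APK."""
    findings = []
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        if path.suffix == ".json":
            try:
                doc = json.loads(data)
            except ValueError:  # not JSON, or not decodable text
                doc = None
            if isinstance(doc, dict) and MODEL_KEYS.issubset(doc):
                findings.append((rel, "tfjs-model-manifest"))
        elif path.suffix in {".js", ".html"} and TFJS_HINTS.search(data):
            findings.append((rel, "tfjs-runtime-or-loader"))
    return findings


def build_sample(root):
    """Constructed sample tree; file names and contents are illustrative only."""
    root = Path(root)
    (root / "assets/ml").mkdir(parents=True)
    manifest = {"format": "graph-model", "modelTopology": {},
                "weightsManifest": [{"paths": ["group1-shard1of1.bin"], "weights": []}]}
    (root / "assets/ml/model.json").write_text(json.dumps(manifest))
    (root / "assets/ml/run.js").write_text("const m = await tf.loadGraphModel('model.json');")
    (root / "assets/config.json").write_text('{"theme": "dark"}')  # benign JSON
    (root / "assets/ui.js").write_text("console.log('menu');")      # benign script
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in scan_unpacked_apk(build_sample(tmp)):
            print(f"{reason:24} {rel}")
```

A hit only shows that an app carries TensorFlow.js, which legitimate apps also do, and a clean result does not rule out a model fetched at run time, so treat the output as a cue for closer review of the app's WebView usage.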
AI-Powered Android Malware Discovered in Official App Stores:
- New Android malware uses AI to click on hidden browser ads
- A huge Android ad fraud network was distributing malware through 224 apps - until Google fought back (published Wednesday, September 17)
- 224 malicious apps removed from the Google Play Store after ad fraud campaign discovered | Malwarebytes (published Wednesday, September 17)
