Over 150 apps on the Google Play Store were recently found to contain a new form of malware called Tekya. This malware has the ability to display intrusive ads and sign users up for premium services without their consent.
What is Tekya?
Tekya is a new form of Android malware that was first discovered in September 2022. It has the following capabilities:
- Displays disruptive pop-up ads and notification spam
- Signs users up for paid subscriptions without permission
- Clicks on ads in the background to generate fraudulent revenue
- Evades detection by Google Play Store security scanning
Tekya acts as an adware, fleeceware, and click fraud malware all in one. It is able to display full-screen ads over other apps, sign users up for paid services without permission, and click on ads in the background for financial gain.
How Does Tekya Work?
Tekya has been ingeniously designed to avoid detection by the Google Play Store. It uses simple obfuscation techniques to hide its malicious code.
Once installed on a victim’s device, Tekya waits for a period before beginning malicious activities. This helps it bypass Google’s security scanning which performs analysis on apps for a limited time.
Tekya then begins showing intrusive pop-up ads and spam notifications promoting apps and services. The ads lead to shady websites if clicked on.
In the background, Tekya silently subscribes users to premium services by intercepting text messages containing activation codes. It is also able to click on ads to generate revenue for the malware operators.
Impact on Infected Users
Users infected by apps containing Tekya face the following repercussions:
- Constant distracting ads that disrupt usage of apps and device
- Signup for unwanted paid services resulting in lost money
- Slow device performance due to constant ad clicks in background
- Data consumption caused by background ad clicks
- Possibility of installing other malware from clicking on pop-up ads
The barrage of ads and fraudulent subscriptions can be very detrimental to user experience. Performance slowdowns and increased data usage also impact users negatively.
How to Stay Protected?
Here are some tips to stay safe from Tekya and other such malware:
- Only install apps from trusted developers: Avoid unknown developers, especially those with low review ratings
- Check app permissions: Pay attention to what access an app is requesting before installing
- Install a malware scanner: Use a reputable anti-virus app to scan your device periodically
- Update devices regularly: Security updates help patch vulnerabilities used by malware
- Avoid clicking pop-up ads: Exercise caution when clicking ads or notifications
Staying vigilant is key to prevent falling victim to malware like Tekya that manage to bypass the Play Store defenses initially. It’s also important to report such apps to Google when discovered to help protect other users.
Google’s Response
Upon being notified of the 150 infected apps, Google swiftly removed them from the Play Store. The developers behind the apps containing Tekya malware were banned from publishing any more apps.
Google also thanked the security researchers who discovered Tekya for their due diligence. They reiterated that such harmful apps have no place on the Play Store and that they are continuously improving detection mechanisms.
They encouraged users to report any adware or malware apps they encounter and to only install apps from trusted sources. Developers were also advised to ensure compliance with Play Store guidelines.
The prompt action taken by Google likely prevented Tekya from infecting countless more users. Still, the fact that it managed to evade detection raises some concerns over Play Store security. Google will need to find better ways to catch such cunning malware early on.
In summary, Tekya is a potent new malware strain infecting over 150 apps on the Play Store. It bombards users with disruptive ads, signs them up for paid services, and commits ad fraud. Users should be careful what they install and help report such issues early. While Google responded quickly, this incident highlights limitations in Play Store security that need addressing.
