
"A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement elements. The mechanism relies on visual analysis based on machine learning instead of predefined JavaScript click routines, and does not involve script-based DOM-level interaction like classic click-fraud trojans. The threat actor is using TensorFlow.js, an open-source library developed by Google for training and deploying machine learning models in JavaScript."
"Researchers at mobile security company Dr.Web found that the new family of Android trojans is distributed through GetApps, the official app store for Xiaomi devices. They discovered that the malware can operate in a mode called 'phantom', which uses a hidden WebView-based embedded browser to load a target page for click-fraud and a JavaScript file. The script's purpose is to automate actions on the ads shown on the loaded site."
"A second mode, called 'signalling', uses WebRTC to stream a live video feed of the virtual browser screen to the attackers, allowing them to perform real-time actions like tapping, scrolling, and entering text. The threat actor distributes the malware in games on Xiaomi's GetApps software catalogue. Initially, the apps are submitted without malicious functionality and receive the malicious components in subsequent updates."
Android click-fraud trojans now use TensorFlow-based visual machine learning to detect and interact with ad elements rather than relying on JavaScript DOM clicks. The malicious apps load TensorFlow.js models from remote servers and analyze screenshots of a hidden WebView placed on a virtual screen to identify tappable UI elements. A 'phantom' mode automates ad interactions via reproduced taps, and a 'signalling' mode streams the virtual browser via WebRTC to allow attackers to perform real-time input. The malware is distributed through Xiaomi's GetApps, targeting popular games: the apps initially appear benign and introduce malicious components via later updates.
Read at BleepingComputer