"A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement elements. The mechanism relies on visual analysis based on machine learning instead of predefined JavaScript click routines, and does not involve script-based DOM-level interaction like classic click-fraud trojans. The threat actor is using TensorFlow.js, an open-source library developed by Google for training and deploying machine learning models in JavaScript. It permits running AI models in browsers or on servers using Node.js."
"After loading the trained model from a remote server, the hidden browser is placed on a virtual screen, and screenshots are taken for TensorFlow.js to analyze and identify relevant elements. By tapping on the correct UI element, the malware reproduces normal activity from a user. This method is more effective and resilient against modern ad variability, as most of these ads are dynamic, frequently change structure, and often use iframes or video."
A new Android trojan family uses TensorFlow.js machine learning models to visually detect and interact with advertisement UI elements rather than relying on DOM-level script clicks. The malware installs a hidden WebView that loads target pages and a JavaScript helper, then downloads a trained model from a remote server. The WebView is rendered off-screen and screenshots are fed to TensorFlow.js to locate ad elements for automated tapping that mimics normal user behavior. A 'signalling' mode streams the virtual screen over WebRTC so operators can perform real-time taps, scrolls, and text input. Distribution occurs via Xiaomi's GetApps catalogue, with malicious functionality added in updates.
Read at BleepingComputer
Unable to calculate read time
Collection
[
|
...
]