Machine learning–powered Android Trojans bypass script-based Ad Click detection

A new Android click-fraud trojan family uses TensorFlow ML to visually detect and tap ads, bypassing traditional script-based click techniques.

Researchers at cybersecurity firm Dr.Web discovered a new Android click-fraud trojan family that uses TensorFlow.js ML models to visually detect and tap ads, avoiding traditional script-based methods. The malware is distributed via Xiaomi’s GetApps, it runs in a hidden “phantom” WebView and loads models remotely. The malicious code analyzes screenshots, and mimics real user behavior, making it more resilient against dynamic ads.

In phantom mode, Android.Phantom.2.origin uses a hidden WebView browser that, on command from the playstations[.]click server, loads a target site and a “phantom” JavaScript file containing ad-automation logic and TensorFlowJS. A trained ML model is downloaded from a remote server, screenshots of a virtual screen are analyzed, and detected ad elements are automatically clicked. In signaling mode, the Trojan uses WebRTC, with dllpgd[.]click acting as a signaling server, to stream a live video of the virtual browser to attackers, who can remotely control it by clicking, scrolling, and entering text.

The new Android clicker Trojan family is controlled by the dllpgd[.]click server. Several popular games from a single developer were initially clean but later updated with the Android.Phantom.2.origin Trojan.

The researchers identified several mobile games containing malware:

• Creation Magic World (over 32,000 downloads);
• Cute Pet House (>34,000 downloads);
• Amazing Unicorn Party (>13,000 downloads);
• Sakura Dream Academy (>4,000 downloads);
• Theft Auto Mafia (>61,000 downloads);
• Open World Gangsters (>11,000 downloads).

“All infected games are hosted by a single developer, SHENZHEN RUIREN NETWORK CO., LTD., and the Trojans are embedded within them and run alongside the apps.” reads the report published by Dr Web.

“The initial versions of the games were free of malware. On September 28/29, the developer released updates for the games, which contained the Android.Phantom.2.origin Trojan . It operates in two modes, which are referred to in the program code as signaling and phantom.”

On October 15/16, the games were updated again to include Android.Phantom.5, a dropper carrying the Android.Phantom.4.origin remote loader, which downloads additional click-fraud Trojans. These simpler modules rely on JavaScript click scripts rather than ML or video streams. Android.Phantom.5 also enables downloading a required WebRTC library, expanding capabilities.

Beyond Xiaomi apps, the malware spreads via third-party APK sites like Moddroid and Apkmody through modified Spotify, YouTube, Deezer, and Netflix apps.

The researchers reported that many “Editor’s Choice” apps on Moddroid are infected. Malicious APKs also circulate on Telegram channels and a Discord server with 24,000 users promoting an infected Spotify X app.

The server data shows infections across multiple languages, with Spanish, French, German, Polish, and Italian most affected after English; many Asian languages lacked dedicated chats. These trojans can turn devices into bots for DDoS attacks, enable illegal activity, drain battery and data, and leak personal information via spyware modules. Users without updated antivirus protection are especially at risk, with children and those seeking unofficial app access being particularly vulnerable.

“We recommend avoiding downloading mods from untrusted websites and channels. Verifying the sources of mods or apps typically requires time, experience, and a keen eye.” concludes the report.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, TensorFlow ML)