Particle.news

AI Malware on Android Uses TensorFlow.js to Auto-Click Ads, Spreads via Xiaomi’s GetApps

On-device models visually detect ad elements inside a hidden WebView, producing user-like taps that evade script-based defenses.

Overview

  • Dr.Web detailed the Android.Phantom trojan family, which loads remote machine-learning models and automates ad interactions in a concealed browser.
  • A separate signalling mode streams the virtual screen via WebRTC, enabling attackers to tap, scroll, or enter text in real time.
  • Infected games from SHENZHEN RUIREN NETWORK CO., LTD. were initially clean, then gained trojan components through late-September and mid-October updates.
  • Distribution also targets users through modded APK hubs like Apkmody and Moddroid, Telegram channels, and a Discord server promoting an infected Spotify build.
  • Researchers warn of battery drain and increased data usage for victims and advise avoiding sideloaded or modified apps outside Google Play.