- Android Trojans use TensorFlow AI to mimic human ad clicks for fraud
- Fake apps on GetApps and other platforms spread malware with hidden browsers
- At least six apps found, totaling over 155,000 downloads
Cybercriminals have apparently found a way to use artificial intelligence (AI) for ad fraud, fool traditional behavioral defenses and successfully cheat ad networks and advertisers out of their money.
Ad networks and advertisers make money, among other things, when people click on ads. Since the beginning of online advertising, criminals have been looking for ways to automate the clicks to generate a large number of ad impressions and thereby get paid.
Because fake clicks have to be programmed and automated, ad networks turned to behavioral analytics for defense. When clicks happen too quickly, are not random enough, or show similar telltale patterns, they are rejected as fake. On some sites, ads are displayed in different places dynamically, preventing automatic clicks.
Fake apps to run the scam
Now, newly discovered Android Trojans are using TensorFlow machine learning models to detect and click on ads in ways that better mimic human behavior.
Instead of predefined JavaScript routines, the new mechanisms rely entirely on visual analysis, powered by machine learning. Using TensorFlow.js, an open source library for training and deploying machine learning models in JavaScript, bad guys are able to run AI models in browsers or on servers using Node.js.
To get the malware onto the victims’ Android devices, the criminals created several fake apps and managed to place them on GetApps, Xiaomi’s official app store. Researchers have also found these apps on several standalone websites, social media platforms and instant messaging channels such as Telegram.
The apps operate in a mode called ‘phantom’, which uses a hidden integrated browser in which the ads are loaded. The browser is located on a virtual screen; screenshots are passed to TensorFlow, which analyzes them to identify where the ads are.
As a result, the taps on UI elements look more natural, tricking traditional behavior-based defenses.
The malware can reportedly also live stream the virtual browser screen directly to the attackers, giving them unmitigated access to tap, scroll and enter commands.
So far, at least six apps have been found, with more than 155,000 downloads combined.
Via Bleeping Computer



