
- Android trojans use TensorFlow AI to mimic human ad clicks for fraud
- Fake apps on GetApps and other platforms spread malware with hidden browsers
- At least six apps found, totaling over 155,000 downloads
Cybercriminals have apparently found a way to use Artificial Intelligence (AI) for ad fraud, tricking traditional behavior-based defenses and successfully scamming ad networks and advertisers out of their money.
Ad networks and advertisers earn money, among other things, when people click on ads. Since the inception of online ads, criminals have been looking for ways to automate the clicks in order to generate large numbers of ad views and, through that, get paid.
Since the fake clicks can only be programmed and automated, ad networks turned to behavioral analytics for defense. When clicks happen too fast, are not random enough, or the like, they are dismissed as fake. On some websites, ads appear in different places dynamically, which prevents automated clicks.
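A sketch of the kind of behavior-based check described above, added here as an illustration and not taken from any ad network or from the research this article reports on. The function name, the thresholds and the sample sessions are all assumptions constructed for the example.

```python
from statistics import mean, pstdev

# Illustrative thresholds (assumptions, not values used by any real ad network).
MIN_HUMAN_INTERVAL_S = 0.15    # clicks closer together than this are "too fast"
MIN_INTERVAL_CV = 0.20         # stdev/mean of intervals below this is "not random enough"
MIN_DISTINCT_POSITIONS = 0.5   # share of clicks that must land on distinct coordinates


def score_session(clicks):
    """clicks: list of (timestamp_seconds, x, y), sorted by time.

    Returns the reasons the session looks automated; an empty list means it passes.
    """
    reasons = []
    if len(clicks) < 3:
        return reasons  # not enough events to judge timing
    times = [t for t, _, _ in clicks]
    intervals = [b - a for a, b in zip(times, times[1:])]

    # 1. Clicks that follow each other faster than a person can tap.
    if min(intervals) < MIN_HUMAN_INTERVAL_S:
        reasons.append("too_fast")

    # 2. Near-constant spacing: coefficient of variation of the intervals.
    avg = mean(intervals)
    cv = pstdev(intervals) / avg if avg > 0 else 0.0
    if cv < MIN_INTERVAL_CV:
        reasons.append("timing_too_regular")

    # 3. The same pixel hit again and again, typical of hard-coded coordinates.
    positions = {(x, y) for _, x, y in clicks}
    if len(positions) / len(clicks) < MIN_DISTINCT_POSITIONS:
        reasons.append("repeated_coordinates")
    return reasons


# Constructed sample sessions (not real traffic).
SCRIPTED = [(i * 0.5, 120, 300) for i in range(6)]            # fixed timer, fixed pixel
BURST = [(0.0, 10, 10), (0.05, 40, 80), (0.9, 200, 15), (1.0, 90, 300)]
HUMAN_LIKE = [(0.0, 110, 305), (2.3, 480, 120), (7.9, 95, 610),
              (9.1, 300, 410), (15.4, 210, 220)]

if __name__ == "__main__":
    for name, session in [("scripted", SCRIPTED), ("burst", BURST),
                          ("human-like", HUMAN_LIKE)]:
        print(name, score_session(session))
```

Any session with irregular timing and varied tap positions returns an empty list, so checks of this kind only catch clicks that look scripted.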
Fake apps to power the fraud
Now, newly discovered Android trojans are using TensorFlow machine learning models to detect and click on ads in ways that mimic human behavior better.
Instead of predefined JavaScript routines, the new mechanisms rely solely on visual analysis, powered by machine learning. By using TensorFlow.js, an open-source library for training and deploying machine learning models in JavaScript, crooks are able to run AI models in browsers, or on servers using Node.js.
To get the malware to the victims’ Android devices, the criminals created numerous fake apps, and managed to place them on GetApps, Xiaomi’s official app repository. Researchers have also found these apps on numerous standalone websites, social media platforms, and instant messaging channels such as Telegram.
The apps operate in a mode called ‘phantom’, which uses a hidden embedded browser in which the ads are loaded. The browser is placed on a virtual screen; screenshots are shared with TensorFlow to analyze and identify where the ads are.
As a result, the tapping on UI elements feels more natural, tricking traditional behavior-based defenses.
It was also said that the malware can live stream the virtual browser screen directly to the attackers, granting them unabated access to tap, scroll, and enter commands.
So far, at least six apps have been found, cumulatively having more than 155,000 downloads.
Via BleepingComputer
Source: TechRadar