New AI-powered Android malware hijacks ads and screens in mobile games

A newly discovered strain of Android malware is using artificial intelligence to commit ad fraud and potentially give hackers access to users’ screens, according to security researchers.

The malware has been found hidden inside several mobile games distributed through unofficial app stores and, in some cases, Xiaomi’s GetApps store.

Cybersecurity firm Dr Web Security Researchers reported that the malware employs machine learning models developed utilising Google’s open-source TensorFlow.js library.

The key objective is to automate interactions with in-app advertisements, requiring no user input, a technique called clickjacking. The objective behind such a campaign is to artificially increase ad clicks, thereby increasing ad revenues.

How does AI malware work?

The malware compares content on display when an advertisement occurs and determines how to react to this content. Such a function enables malware to evade detection methods and process varying kinds of adverts. In other instances, this malware may function in a hidden or phantom state where invisible windows are used to click adverts in a browser automatically.

However, in case of failure of the automated system, researchers claim that human operators can remotely take control of the infected device. The intruders can scroll, tap, and interact with the infected screen by using a technique known as ‘signalling’.

Three infected games have been identified to have originated from a specific game developer, namely Shenzhen Ruiren Network Co. Ltd.

The affected games include:

• Creation Magic World
• Cute Pet House
• Amazing Unicorn Party
• Sakura Dream Academy
• Theft Auto Mafia 
• Open World Gangsters