- Android Trojans Use TensorFlow AI to Mimic Human Clicks on Ads for Fraudulent Purposes
- Fake apps on GetApps and other platforms spread malware with hidden browsers
- At least six applications were found, with a total of more than 155,000 downloads.
Cybercriminals have apparently found a way to use Artificial Intelligence (AI) for ad fraud, fooling traditional behavior-based defenses and successfully scamming ad networks and advertisers out of their money.
Ad networks and advertisers make money, among other things, when people click on ads. Since the beginning of online advertising, criminals have been looking for ways to automate clicks to generate a large number of ad views and, through this, receive payments.
Since fake clicks can only be programmed and automated, ad networks turned to behavioral analysis as a defense. When clicks happen too fast, not random enough, or similar, they are discarded as fake. On some websites, ads appeared in different places, dynamically, avoiding automatic clicks.
Fake applications to promote fraud
Now, the newly discovered Android Trojans are using TensorFlow machine learning models to detect ads and click on them in ways that better mimic human behavior.
Instead of predefined JavaScript routines, the new mechanisms rely solely on visual analytics, powered by machine learning. By using TensorFlow.js, an open source library for training and deploying machine learning models in JavaScript, criminals can run AI models in browsers or on servers using Node.js.
To deliver malware to victims’ Android devices, criminals created numerous fake apps and managed to place them on GetApps, Xiaomi’s official app repository. Researchers have also found these apps on numerous independent websites, social media platforms, and instant messaging channels like Telegram.
The apps operate in a so-called “ghost” mode that uses a hidden embedded browser in which ads are loaded. The browser is placed on a virtual screen; Screenshots are shared with TensorFlow to analyze and identify where the ads are.
As a result, tapping UI elements feels more natural, fooling traditional behavior-based defenses.
It was also said that the malware can live stream the virtual browser screen directly to attackers, granting them uninterrupted access to tap, scroll and enter commands.
So far, at least six applications have been found, with more than 155,000 accumulated downloads.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
