Last week in security news, researchers found a new clicker malware called “Tekya” hidden within 24 children’s games on the Google Play store. Mobile users weren’t the only ones targeted by malicious software last week, however. Malware campaigns targeting vulnerable network-attached storage (NAS) devices, industrial environments and banking customers in Germany also came to light.

Top Story of the Week: Google Play Infiltrated by Tekya Clicker Malware

Researchers at Check Point noted that a new malware family called “Tekya” had made its way into 56 apps available for download on Google Play with a combined total of 1 million downloads worldwide. Over half (32) of those affected apps were utilities such as cooking programs, calculators, downloaders and translators. The remaining 24 apps were games designed for children.

Upon successful installation, Tekya set about to commit mobile ad fraud. It did this by imitating a user’s actions to click on ads and banners from Google’s AdMob, Facebook and other agencies.

Also in Security News

  • 2FA Bypass Incorporated by Trickbot Campaign Targeting German Users: Researchers at IBM X-Force observed attackers pushing an Android app called “TrickMo” in Germany. Delivered by the Trickbot Trojan, this program bypassed two-factor authentication (2FA) measures to steal German users’ banking credentials.
  • Milum Distributed in WildPressure Operation Targeting the Middle East: Kaspersky Lab detected a new advanced persistent threat (APT) operation called “WildPressure” spreading a fully functional Trojan written in C++. This malware, originally named “Milum46_Win32.exe,” stole information off of a victim’s device and exfiltrated it to its command-and-control (C&C) server.
  • Vulnerable NAS Devices Targeted by Mukashi Mirai Variant: Researchers at Palo Alto Networks spotted a new variant of Mirai called “Mukashi” leveraging brute-force attacks to target NAS products from Zyxel running firmware 5.21. Mukashi’s purpose behind those attacks was to compromise those devices, enlist them into a botnet and potentially conduct distributed denial-of-service (DDoS) attacks.
  • Oski Infostealer Seeded by New DNS Hijacking Campaign: According to Bitdefender, malicious actors set their sights on users’ home routers in order to change their DNS settings so that they could redirect users to a malicious website. The campaign leveraged payloads hosted via Bitbucket to spread samples of Oski malware.
  • Google Drive Used by Downloader to Spread Advanced Malware: The Zscaler ThreatLabZ team witnessed a spam campaign using various email templates to target people in various countries around the world. That campaign, in turn, distributed Win32.Downloader.EdLoader, a downloader that delivered its final malware payload via Google Drive.

Security Tip of the Week: Strengthen Your Organization’s Mobile Security

Security professionals can help organizations strengthen their mobile security posture by investing in capabilities that can analyze suspicious behavior on corporate mobile devices and correlate it with intelligence into how digital threats normally function. Solutions that use artificial intelligence (AI) and machine learning are a good place to start.

Additionally, infosec personnel should pursue mobile security best practices by implementing patches on a regular basis, restricting the sources from which mobile users can download apps and enforcing a robust password management strategy.

More from

2022 Industry Threat Recap: Finance and Insurance

The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as Shakespeare tells us, past is prologue, this sector will likely remain a target in 2023. Finance and insurance ranked as the most attacked sector from 2016 to 2020, with the manufacturing sector the most attacked in 2021 and 2022. What…

X-Force Prevents Zero Day from Going Anywhere

This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The X-Force Vulnerability and Exploit Database shows that the number of zero days being released each year is on the rise, but X-Force has observed that only a few of these zero days are rapidly adopted by cyber criminals each year. While every zero day is important and organizations should still devote efforts to patching zero days once a patch is released, there are characteristics of certain…

And Stay Out! Blocking Backdoor Break-Ins

Backdoor access was the most common threat vector in 2022. According to the 2023 IBM Security X-Force Threat Intelligence Index, 21% of incidents saw the use of backdoors, outpacing perennial compromise favorite ransomware, which came in at just 17%. The good news? In 67% of backdoor attacks, defenders were able to disrupt attacker efforts and lock digital doorways before ransomware payloads were deployed. The not-so-great news? With backdoor access now available at a bargain price on the dark web, businesses…

Hack-for-Hire Groups May Be the New Face of Cybercrime

Google’s Threat Analysis Group (TAG) recently released a report about growing hack-for-hire activity. In contrast to Malware-as-a-Service (MaaS), hack-for-hire firms conduct sophisticated, hands-on attacks. They target a wide range of users and exploit known security flaws when executing their campaigns. “We have seen hack-for-hire groups target human rights and political activists, journalists and other high-risk users around the world, putting their privacy, safety and security at risk,” Google TAG says. “They also conduct corporate espionage, handily obscuring their clients’ role.”…