Cyber: New Android Malware Uses AI To Click On Hidden Browser Ads 2026
A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement elements.
The mechanism relies on visual analysis based on machine learning instead of predefined JavaScript click routines, and does not involve script-based DOM-level interaction like classic click-fraud trojans.
The threat actor is using TensorFlow.js, an open-source library developed by Google for training and deploying machine learning models in JavaScript. It permits running AI models in browsers or on servers using Node.js.
Researchers at mobile security company Dr.Web found that the new family of Android trojans is distributed through GetApps, the official app store for Xiaomi devices.
They discovered that the malware can operate in a mode called 'phantom', which uses a hidden WebView-based embedded browser to load a target page for click-fraud and a JavaScript file. The script's purpose is to automate actions on the ads shown on the loaded site.
After loading the trained model from a remote server, the hidden browser is placed on a virtual screen, and screenshots are taken for TensorFlow.js to analyze and identify relevant elements.
By tapping on the correct UI element, the malware reproduces normal activity from a user. This method is more effective and resilient against modern ad variability, as most of these ads are dynamic, frequently change structure, and often use iframes or video.
A second mode, called 'signalling', uses WebRTC to stream a live video feed of the virtual browser screen to the attackers, allowing them to perform real-time actions like tapping, scrolling, and entering text.
The threat actor distributes the malware in games on Xiaomi’s GetApps software catalogue. Initially, the apps are submitted without malicious functionality and receive the malicious components in subsequent updates.
Some of the infected games identified by Doctor Web are:
Source: BleepingComputer
