Find notable cyber news and cases, enriched with sources, timelines, and signals.

Android click-fraud trojans using TensorFlow.js to automate hidden ad taps

Malware Activity
First reported
Last updated
Happening score
H score 20
1 unique sources, 1 articles

Summary

Hide ▲

The Android click-fraud trojan family now uses TensorFlow.js to identify and tap ad elements on Android devices, making fraudulent clicks more adaptive and harder to spot. The malware’s covert hidden WebView workflow lets it mimic normal user activity while driving ad traffic. It is also spread through Xiaomi GetApps and third-party APK channels, expanding exposure beyond trusted app sources. The main user impact is battery drainage and increased mobile data charges.

Related Happenings

RedWing Android spyware rented through Telegram

Malware Activity
H score21 First: 08.07.2026 18:30 Last: 08.07.2026 18:30 Sources 1

About this happening: The **RedWing** Android spyware operation is being rented through **Telegram**, lowering the barrier for criminals to hijack phones and steal **banking credentials**. The malware...

Bright Data iOS SDK teardown reveals unauthenticated scraping relay and VPN bypass

Technical Analysis
H score45 First: 06.06.2026 11:29 Last: 06.06.2026 11:29 Sources 1

About this happening: Researchers **reverse-engineered Bright Data's iOS SDK** and found it can turn consumer devices into **exit nodes** for web-scraping traffic. The teardown showed the job channel h...

WeedHack YouTube and SEO poisoning campaign targeting Minecraft players

Campaign
H score73 First: 03.06.2026 00:54 Last: 03.06.2026 00:54 Sources 1

About this happening: **WeedHack** is a **Minecraft-focused malware-as-a-service (MaaS)** campaign that uses **YouTube** and **SEO poisoning** to push malicious **mods, clients, cheats, and utilities**...

Trapdoor Android malvertising and ad-fraud campaign

Campaign
H score39 First: 19.05.2026 19:38 Last: 19.05.2026 19:38 Sources 1

About this happening: The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...

Google rolls out Android Intrusion Logging in Android Advanced Protection Mode

Security Tool/Service
H score10 First: 14.05.2026 16:30 Last: 14.05.2026 16:30 Sources 1

About this happening: Google has released **Android Intrusion Logging** for **Android Advanced Protection Mode**, giving **high-risk Android users** encrypted forensic logs to investigate suspected **s...

Timeline

  1. 22.01.2026 00:07 2 articles · 5mo ago

    Dr.Web reports Android click-fraud trojans using TensorFlow.js and hidden WebView

    Initial Disclosure

    Dr.Web identified a new family of Android click-fraud trojans that uses TensorFlow.js and a hidden WebView to visually detect and tap ad elements instead of script-based DOM click routines. The malware is distributed through Xiaomi GetApps, third-party APK sites, Telegram channels, and a Discord server, and it operates with 'phantom' and 'signalling' modes that can covertly automate clicks or stream the virtual browser screen for operator control. Affected Android users can experience battery drainage, premature battery degradation, and increased mobile data charges.

    Show sources