Phantom Malware in Android Game Mods Hijacks Devices for Ad Fraud – Hackread – Cybersecurity News, Data Breaches, AI, and More
https://hackread.com/phantom-malware-android-game-mods-ad-fraud/
Publish Date: 2026-01-28 05:47:00
Source Domain: hackread.com
Phantom malware hidden in Android game mods hijacks devices to run covert ad fraud, using remote control and machine learning to mimic user behavior.
Android Smartphone owners installing modified games and apps are now facing yet another threat that turns their devices into tools for click fraud, researchers at Doctor Web’s antivirus lab report. The malware, part of a family tracked as Android.Phantom, has been found bundled with popular titles and spreads through unofficial app sources and third‑party stores.
Researchers first noticed this strain after several Android games began behaving suspiciously following updates in late September 2025 from a single developer account. Titles such as Creation Magic World, Cute Pet House, and Theft Auto Mafia were clean before September 2025, but later distributed versions bundled with the trojan. Once installed, the malware launches along with the game without any visible alert to the user.
Two of the malicious apps flagged by researchers, among several identified in the campaign (Image credit: Doctor Web)
According to Doctor Web’s report, the Android.Phantom family operates in two modes controlled by commands from remote servers. In the so‑called “phantom” mode, the malware uses a hidden browser component to load specified web pages, then downloads a script and a machine‑learning model to analyse and interact with ads, mimicking real user clicks. It also pulls Machine‑learning code from an external host to assist in automating this interaction.
In its alternate mode, the malware sets up peer‑to‑peer connections using WebRTC, allowing remote controllers to see and interact with the user’s virtual screen in real time. That remote session can perform actions such as scrolling, tapping, and text input directly on the infected device.
Doctor Web also noted that the use of Android.Phantom toolkit has grown over time, with regular updates adding new capabilities. An additional module…
