A new strain of Android malware is quietly infecting smartphones through modded games and popular apps, transforming unsuspecting users, including children, into participants in large-scale cybercrime operations.
According to cybersecurity firm Dr. Web, the Android.Phantom trojan family is being distributed primarily through altered versions of mobile games hosted on third-party app catalogs, with Xiaomi’s GetApps platform identified as a major delivery channel.
The infected apps masquerade as harmless games, many of them designed to appeal to younger users, before activating malicious code in the background.
Dr. Web researchers say the malware is introduced through game updates rather than the original versions of the apps, allowing attackers to exploit users who already trusted and installed the software.

Once installed, the malware operates covertly, launching alongside the game and remaining hidden from the user. In its most advanced form, the trojan uses machine learning tools to analyze on-screen content and automatically interact with online advertisements, generating fraudulent clicks. In other cases, the infected device streams live video of a virtual browser session to remote operators, who can tap, scroll and input text as if they were physically holding the phone.
The result is that infected smartphones are effectively hijacked and repurposed for criminal activity without their owners’ knowledge.
“A user’s smartphone can be commandeered to partake in a DDoS attack and, by doing so, get its owner unwittingly involved in a cybercrime… Attackers can use a compromised device to conduct illegal activities: run online fraud schemes or send spam messages… Android.Phantom.5.origin is spyware that will transmit information about the device and its owner to a third party.”
Dr. Web warns that children are particularly at risk, as they are more likely to download free games or modified apps without scrutinizing permissions or security warnings. The researchers note that access restrictions to legitimate services can push users toward unofficial app sources, creating fertile ground for malware distribution.

