Cellik, an Android malware-as-a-service (MaaS), is now circulating on underground forums. This service allows threat actors to transform legitimate Google Play Store apps into malicious variants without altering their interface or functionality.
Malware Features and Risks
Mobile security firm iVerify discovered Cellik being sold for $150 per month or a one-time fee of $900. The malware can stealthily capture screen data, intercept notifications, browse the filesystem, and exfiltrate files. It communicates with a command-and-control server through encrypted channels.
- Cellik can infect legitimate apps with trojanized code.
- It allows attackers to overlay phishing screens over genuine apps to steal credentials.
- It features a hidden browser mode that leverages stored cookies for unauthorized access.
- It includes an APK builder for seamless integration with official Play Store apps.
Market Impact and Recommendations
iVerify cautions users against downloading APKs from questionable sources and advises monitoring app permissions regularly. Although Cellik claims it can possibly circumvent Google Play security features like Play Protect, this remains unconfirmed, as Google has not yet commented.
As MaaS threats like Cellik proliferate, users and businesses must heighten security measures to safeguard against potential data breaches and device takeovers. Remaining vigilant with app permissions and updates is essential in mitigating risks associated with such malware attacks.
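The advice above to avoid APKs from questionable sources and to review app permissions can be checked on a device over adb. The following is an added example, not code from iVerify or the original article: it parses the output of `pm list packages -i -3` and the `enabled_notification_listeners` and `enabled_accessibility_services` secure settings to list third-party apps that were not installed by Google Play, along with any notification or accessibility access they hold. Treating those two grants as the ones relevant to the notification interception and screen capture described in the article is an assumption, and the package names and sample output are constructed.

```python
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play's installer package

def parse_installers(pm_output):
    """Map package -> installer from `adb shell pm list packages -i -3` output."""
    result = {}
    for line in pm_output.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field[len("installer="):]
        # pm prints installer=null when no installer is recorded for the app.
        result[fields[0][len("package:"):]] = None if installer in (None, "", "null") else installer
    return result

def parse_components(setting_value):
    """Package names from a colon-separated `pkg/Class` list, as stored in
    `settings get secure enabled_notification_listeners` and
    `settings get secure enabled_accessibility_services`."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def audit(pm_output, notif_setting, a11y_setting):
    """List third-party apps not installed by a trusted store, with sensitive access held."""
    notif, a11y = parse_components(notif_setting), parse_components(a11y_setting)
    findings = []
    for pkg, installer in sorted(parse_installers(pm_output).items()):
        if installer in TRUSTED_INSTALLERS:
            continue
        access = [name for name, pkgs in (("notification-listener", notif),
                                          ("accessibility", a11y)) if pkg in pkgs]
        findings.append((pkg, installer or "unknown", access))
    return findings

# Constructed sample output (not captured from a real device).
SAMPLE_PM = """package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.sideloaded  installer=com.android.packageinstaller"""
SAMPLE_NOTIF = ("com.example.sideloaded/com.example.sideloaded.NotifSvc:"
                "com.example.notes/com.example.notes.Listener")
SAMPLE_A11Y = "com.example.sideloaded/.A11ySvc"

if __name__ == "__main__":
    for pkg, installer, access in audit(SAMPLE_PM, SAMPLE_NOTIF, SAMPLE_A11Y):
        print(f"{pkg}: installer={installer} access={','.join(access) or 'none'}")
```

A package that appears here with notification or accessibility access is a candidate for manual review. A Play Store installer value is not proof that an app is benign, since the Play Protect circumvention claim is unconfirmed.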



