A new malware threat puts millions of Android users at risk. Researchers from the cybersecurity laboratory Doctor Web warned about the expansion of a family of Trojans called Android.Phantom, designed to infect cell phones through games and popular applications.
Their main goal is to send spam, commit online fraud, and engage in other illegal activities without the user immediately realizing it.
According to the specialists’ report, these Trojans are distinguished by incorporating machine learning techniques, which allows them to interact autonomously with fraudulent advertisements and use infected devices as tools within digital abuse networks.
The threat can operate under two different modalities, known as ghost mode and signaling mode, which considerably expands its reach and danger.
In so-called ghost mode, the malware loads web content in the background and simulates clicks on malicious ads using automation scripts supported by TensorFlow.js, a machine learning framework.
This entire process is executed without the need for direct user interaction, which makes it difficult to immediately detect the problem. In parallel, the signaling mode allows the Trojan to exchange data, audio and video in real time, turning the phone into an active node without requiring the installation of additional software.
According to Doctor Web, the real risk of Android.Phantom lies in the use that attackers can make of compromised devices. Infected mobile phones can be integrated into denial of service (DDoS) attacks, used to send mass spam, participate in advertising fraud or even facilitate the theft of personal information.
Although many of these actions are carried out silently, experts point out that the infection usually leaves visible traces.
Common signs include abnormal battery consumption, an unexplained increase in mobile data traffic, and slower overall device performance. These signs, although not always immediately associated with malware, can be an early warning that the phone is being used for unauthorized purposes.
The research also identified that the Trojans mainly affect Xiaomi devices. According to the report, several infected applications were detected in the brand’s official store, Mi Store, and all of them were published by a developer identified as Shenzhen Ruiren Network.
In many cases, the apps were initially uploaded without malicious code and it was a later update that introduced the Trojan, a strategy that seeks to generate trust before executing the infection.
Furthermore, Android.Phantom has also been spread through modified versions of Spotify, which promise premium or advanced features for free. These altered applications are mainly distributed through Telegram channels and unofficial websites, a common method in malware campaigns targeting users looking for unrestricted software.
In this scenario, Doctor Web strongly recommends Android users not to download modified APK files from untrustworthy sources and avoid links shared on dubious channels or pages. Likewise, it emphasizes the importance of having an updated antivirus and frequently reviewing the behavior of the device.
For those who suspect that their mobile phone may be infected, experts suggest a series of basic steps to eliminate possible threats. Among them: restarting the phone in safe mode, manually reviewing the installed applications, uninstalling any suspicious software, and activating Google Play Protect from the Play Store to run security scans.
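The manual review of installed applications can be narrowed down by checking where each app was installed from. The following is an added example, not part of the Doctor Web report: it parses the output of `adb shell pm list packages -3 -i` (third-party packages with their installer) and flags apps that did not come from a trusted store, which is the route the modified Spotify APKs take. The package names and the trusted-installer set are assumptions made for illustration.

```python
import re

# Installers treated as trusted stores. com.android.vending is Google Play;
# which other stores to trust is a policy choice (assumption, not from the report).
TRUSTED_INSTALLERS = {"com.android.vending"}

# One line of `pm list packages -3 -i`: "package:<name>  installer=<name|null>"
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

def parse_pm_list(output):
    """Return {package: installer or None} from `pm list packages -3 -i` output."""
    apps = {}
    for line in output.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank lines, adb warnings, lines without installer info
        installer = match.group("installer")
        # The literal string "null" means no installer was recorded (sideloaded APK).
        apps[match.group("pkg")] = None if installer == "null" else installer
    return apps

def flag_sideloaded(apps, trusted=TRUSTED_INSTALLERS):
    """Return the sorted packages whose installer is missing or not a trusted store."""
    return sorted(pkg for pkg, inst in apps.items() if inst not in trusted)

# Constructed sample output; the package names are hypothetical.
SAMPLE_OUTPUT = """\
package:com.example.musicmod  installer=null
package:com.example.puzzlegame  installer=com.android.vending
package:com.example.cleaner  installer=com.google.android.packageinstaller
* daemon started successfully
"""

if __name__ == "__main__":
    for pkg in flag_sideloaded(parse_pm_list(SAMPLE_OUTPUT)):
        print("review:", pkg)
```

An app installed from a store passes this check even if a later update introduced the Trojan, as the report describes for the Mi Store apps, so the result is a shortlist for review, not a verdict.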

