New malware found: MagicAd breaks through protection systems and floods devices with ads
A newly detected malware called "MagicAd" has broken through protection systems and is firing junk ads at Android users.
According to a report by the website Cybersecurity News, a piece of malware called MagicAd has been detected that floods victims' devices with junk advertising and focuses its attacks on Android users. The research team at Dr.Web, an anti-virus tool developer, said it had detected the malware in more than 50 video games on GetApps, Xiaomi's official mobile phone app store. The contaminated games appeared on the app store for about a month before quietly disappearing and being replaced by new apps with the malware inserted, which the research team believes is a technique to evade malware detection. The research team also revealed that this was not the first app store where the malware was found: it was first detected on the Samsung Galaxy app store in 2025.
As for how the malware works: after it is installed on the device and before it begins operating, it checks whether the device is being monitored, for example by a malware analysis tool, or whether it is running in a virtual machine environment. If either is detected, it stops immediately. If everything looks normal, the malware hides its icon from the screen and installs a service in the background so that it can run secretly at all times. In addition, the malware establishes persistence on the system using task scheduling, and on older versions of Android it uses a Virtual Screen technique to prevent the system from disclosing the malware's components.
The malware also has techniques to evade restrictions on the device. It can push ads without any permissions: by displaying ads in a translucent Activity, it can insert ads into apps without requiring any permissions. In addition, it has been verified that the malware uses different techniques depending on the phone brand, such as:
On Xiaomi-branded mobile phones, the malware generates messages in the form of Intents and sends them to built-in apps such as Mi Browser and MIUI SystemUI. These apps can receive commands even when they have not been opened, so they are used as intermediaries to display the malware's ads.
On Vivo mobile phones, it instead uses Android Binder to send commands to the iManager, Phonebook, Vivo Browser, and Baidu IME Customized apps. The result is the same as on Xiaomi.
The research team also revealed that the malware is not limited to attacks on mobile phones of the above brands. It can also be embedded to attack Amazon Fire TV devices.
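
Some of the traits described above (a translucent ad Activity alongside background and scheduled services) can be triaged statically from a decoded app manifest. The following Python sketch is an added example, not code from Dr.Web or the report; the sample manifest, its component names, and the mapping of "task scheduling" to JobScheduler services are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a decoded AndroidManifest.xml for a hypothetical game.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <application>
    <activity android:name=".GameActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".sdk.OverlayActivity"
              android:theme="@android:style/Theme.Translucent.NoTitleBar"/>
    <service android:name=".sdk.KeepAliveService"/>
    <service android:name=".sdk.WakeJob"
             android:permission="android.permission.BIND_JOB_SERVICE"/>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Collect manifest traits that match the behaviours described in the article."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    findings = {"translucent_activities": [], "job_services": [],
                "plain_services": [], "has_launcher_icon": False}
    if app is None:
        return findings
    for act in app.findall("activity") + app.findall("activity-alias"):
        cats = [c.get(ANDROID + "name") for c in act.iter("category")]
        if "android.intent.category.LAUNCHER" in cats:
            findings["has_launcher_icon"] = True  # icon hidden at runtime is not visible here
        # Only theme names are checked; an app-defined style that sets
        # windowIsTranslucent needs a look at the decoded styles as well.
        if "translucent" in (act.get(ANDROID + "theme") or "").lower():
            findings["translucent_activities"].append(act.get(ANDROID + "name"))
    for svc in app.findall("service"):
        name = svc.get(ANDROID + "name")
        # Assumption: scheduled persistence shows up as a JobScheduler service.
        if svc.get(ANDROID + "permission") == "android.permission.BIND_JOB_SERVICE":
            findings["job_services"].append(name)
        else:
            findings["plain_services"].append(name)
    return findings

def needs_review(f):
    # Heuristic only: legitimate apps also use these features, so this flags for manual review.
    return bool(f["translucent_activities"]) and bool(f["job_services"] or f["plain_services"])
```
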