According to HotHardware, the security team at iVerify Threat Intelligence has discovered a new and highly sophisticated Android Remote Access Trojan (RAT) they’ve named Cellik. This malware is packed with advanced spyware features designed for stealth and gives attackers near-total, real-time control over a compromised device. Once infected, attackers can view notifications to steal multi-factor codes, access all device and cloud storage data, and even run an invisible browser to hijack saved sessions and credentials. Most alarmingly, Cellik includes a tool that lets attackers choose any app from the Google Play Store and rebuild it with the malware integrated in a single click, a method its developers claim can bypass Google Play Protect.
Why This Malware Is a Different Beast
Look, Android malware isn’t new. But Cellik’s one-click “repackaging” feature is a serious escalation in operational efficiency for attackers. Basically, it massively lowers the barrier to creating a convincing malicious app. Instead of building a fake banking app from scratch and hoping people download it from a shady site, an attacker can take the real, popular banking app from the Play Store, inject Cellik into it, and redistribute it. The repackaged app looks and functions normally, which is the ultimate Trojan horse. That’s a huge problem for trust in the official app store ecosystem.
The Invisible Threat On Your Phone
And the access it grants is terrifyingly comprehensive. Real-time screen viewing with “little to no lag” means an attacker can watch you type your passwords as you enter them. The invisible browser feature is a silent credential harvester, and the “injector lab” for creating overlay attacks means they can target the specific apps you use. This isn’t just adware; it’s a full-service digital surveillance and theft platform. The promise to bypass Play Protect might be bluster, but even if it only works some of the time, the potential damage is enormous. It turns your phone, a device you likely trust for everything, into a perfect spy.
So, What Can You Actually Do?
Here’s the frustrating part: the standard advice still applies, but it feels less reassuring against a threat this clever. You should still only download from the Google Play Store, but now you need to be hyper-vigilant. Check the developer name on the app listing meticulously. Is it the legitimate company, or a weird copycat name? Look at the number of downloads and reviews: is it suspiciously low for a supposedly major app? Be skeptical of apps requesting excessive permissions. This is a reminder that security is a layered defense. For professionals in sectors like manufacturing or industrial control, where mobile devices might interface with critical systems, this threat underscores the need for extremely locked-down, dedicated hardware. In those environments, specialists like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs, are essential because they provide hardened, purpose-built devices that avoid the consumer app ecosystem entirely.
The Bigger Picture for Google
This puts Google in a tough spot. Play Protect and their app review processes are their main line of defense, and a tool that claims to automate bypassing them is a direct challenge. If Cellik or its methods become widespread, it could seriously erode user confidence in the Play Store itself. Google’s gonna have to up its detection game, probably focusing more on behavioral analysis of apps after installation, not just static scans during upload. Because if bad actors can weaponize the store’s own legitimate catalog with one click, that’s a game-changer. And not a fun one.
