New Android Malware Lets Hackers Turn Google Play Apps Into Spyware

The security research team at iVerify Threat Intelligence has discovered a new Remote Access Trojan (RAT), dubbed Cellik, that targets Android users. It includes features typically seen in advanced spyware and delivers functionality that allows threat actors to spread their wares in a stealthier fashion.

Once a user has been compromised by Cellik, attackers have the ability to both view and control the device in real time with little to no lag. This includes being able to see any incoming notifications, which can be used to steal multi-factor authentication codes or read private messages. Additionally, attackers gain complete access to any data stored on the device, including any linked cloud storage directories.

Beyond providing threat actors with unlimited access to a victim's data, Cellik also provides an avenue for phishing and other kinds of web-based attacks. It's able to launch and run a web browser that is invisible to the victim, which can tap into saved cookies and sessions to steal credentials or private information, including credit card numbers, if the user has stored or used them.

Moreover, attackers get access to an “injector lab” where they can create bespoke injection attacks targeting a variety of apps. This makes it possible to design and deploy an overlay that runs atop a legitimate app, which can lead to the theft of login information or other valuable data.

What sets Cellik apart from other malware, though, is how it is able to abuse the Google Play Store. Attackers can choose an app currently available on the store and rebuild it with Cellik integration, all with one click. The developers of the malware claim that it can bypass the protections provided by Google Play Protect thanks to this method.

Even if Cellik doesn’t deliver on its lofty claim of bypassing Google’s security mechanisms, it’s still a formidable piece of malware. We recommend that users stick to using the Google Play Store when downloading and installing apps, but it would be wise to take a closer look at the listed developer of any given app to make sure you’re actually getting the app you expect.

Alan Velasco

Opinions and content posted by HotHardware contributors are their own.