Android.Phantom trojans are bundled with modded games and popular apps to infiltrate smartphones. They use machine learning and video broadcasts to engage in click fraud.
ID: 87e5812f-c3c4-5fa0-9b18-244447c6618e
STIX ID: report--87e5812f-c3c4-5fa0-9b18-244447c6618e
Feed Name: Dr.Web News
Researchers at Doctor Web uncovered the Android.Phantom trojan family embedded in legitimate and modified Android apps, distributed notably via Xiaomi GetApps and through modded APK sites, Telegram and Discord. The trojans carry out large-scale click fraud using WebView automation, TensorFlow.js image analysis, and WebRTC-based remote control, while additional dropper modules and spyware exfiltrate device data. Tens of thousands of app downloads indicate active distribution and significant risk to users.
