531/68 Thursday, December 18, 2025

A newly discovered Android malware named “Cellik” has been identified operating as a Malware-as-a-Service (MaaS) offering on underground markets, with subscription prices starting at approximately $150 per month. According to cybersecurity firm iVerify, one of Cellik’s most concerning capabilities is its ability to take any legitimate application from the Google Play Store, modify it, and inject malicious code while preserving the original app’s appearance and functionality. This makes it extremely difficult for users to distinguish between genuine and trojanized applications.
From a technical perspective, Cellik supports a wide range of surveillance and data-theft functions, including real-time screen streaming, notification interception, file exfiltration, and a “stealth browser mode” that leverages the victim’s cookies to access online accounts without requiring re-authentication. The malware also includes an App Injection mechanism capable of overlaying fake login screens on top of legitimate applications to steal credentials. The developers claim that this approach, embedding malware within trusted-looking apps, can help evade detection by Google Play Protect.
To mitigate the risk posed by this threat, Android users are advised to avoid installing applications from unofficial sources or unknown APK files, even if they appear to be popular or legitimate apps. Users should ensure that Google Play Protect remains enabled at all times and carefully review application permissions for any abnormal or excessive access requests. Any suspicious behavior should be investigated immediately.
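The permission and install-source review advised above can be scripted. The following is an added example, not code from iVerify or from the original report: it parses saved output of `adb shell pm list packages -i -3` and `adb shell dumpsys package <pkg>` and lists apps that did not come from the Play Store together with any sensitive permissions they request. The trusted-installer set, the choice of permissions, and the sample output are assumptions constructed for illustration.

```python
import re

# Installer package names treated as an official store (assumption; adjust to policy).
TRUSTED_INSTALLERS = {"com.android.vending"}
# Real Android permissions chosen to match overlay and file access (triage assumption).
SENSITIVE = {"android.permission.SYSTEM_ALERT_WINDOW",
             "android.permission.READ_EXTERNAL_STORAGE"}

def parse_installers(listing):
    """Parse `pm list packages -i -3` output into {package: installer}."""
    pat = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$", re.M)
    return {m.group(1): m.group(2) for m in pat.finditer(listing)}

def requested_permissions(dumpsys):
    """Collect the 'requested permissions:' block of `dumpsys package <pkg>`."""
    perms, in_block = set(), False
    for line in dumpsys.splitlines():
        s = line.strip()
        if s == "requested permissions:":
            in_block = True
        elif in_block and s.endswith(":"):
            break  # next section header, e.g. 'install permissions:'
        elif in_block and s:
            perms.add(s.split(":")[0])  # drop suffixes such as ': restricted=true'
    return perms

def triage(listing, dumps):
    """Return (package, installer, sensitive permissions) for non-store installs."""
    findings = []
    for pkg, installer in sorted(parse_installers(listing).items()):
        if installer not in TRUSTED_INSTALLERS:
            hits = sorted(requested_permissions(dumps.get(pkg, "")) & SENSITIVE)
            findings.append((pkg, installer, hits))
    return findings

# Constructed sample output (not captured from a real device).
LISTING = """package:com.example.notes  installer=com.android.vending
package:com.example.player  installer=null
package:com.example.wallet  installer=com.google.android.packageinstaller
"""
DUMPS = {"com.example.wallet": """    requested permissions:
      android.permission.INTERNET
      android.permission.SYSTEM_ALERT_WINDOW
      android.permission.READ_EXTERNAL_STORAGE: restricted=true
    install permissions:
"""}

if __name__ == "__main__":
    print(triage(LISTING, DUMPS))
```

A sideloaded package is not malicious by itself; the output is a shortlist for manual review of each app's source and permissions.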
