Malware and computer viruses used to be simpler back in the day. However, as technology advances, so does the complexity of malware. Recently, a report from security firm iVerify has uncovered a new Android malware called Cellik. This is an Android RAT (Remote Access Trojan) type malware, which isn’t new per se, but what makes it insidious and dangerous is its ability to hide within legitimate apps in the Google Play Store . This increases its chances of spreading on a wider scale.

What makes Cellik so dangerous

Cellik operates as a RAT. This means that attackers can gain complete control over infected devices. Not only that, but the Cellik Android malware can stream your screen in real time, intercept notifications, log keystrokes, and even run a hidden browser to hijack active sessions. This means attackers can steal credentials from banking apps, Gmail, Facebook, and other sensitive services without you knowing.

The malware spreads by embedding itself around popular Play Store apps, making detection extremely difficult. Once installed, it accesses your entire file system, uploads and downloads files. It also uses advanced injection systems to overlay fake login screens. This tricks users into thinking that when they log into their bank or social media account, they’re actually handing your credentials directly to attackers. Similar to other recent Android threats , Cellik is part of a growing malware-as-a-service trend, where even inexperienced cybercriminals can deploy sophisticated spyware.

How to protect yourself from Android malware

While malware like Cellik is sophisticated, you can take steps to protect yourself. First, carefully review app permissions before installing anything. If a simple game or utility app requests access to your messages, calls, or accessibility services, that’s definitely something to be suspicious about.

Also, don’t forget to check app reviews and developer information before downloading. Legitimate apps typically have established developers with clear track records.

You should also keep your Android device updated with the latest security patches. Google and handset makers regularly release patches that protect against threats, among bug fixes and general improvements.

Lastly, make sure Google Play Protect is enabled. The feature is enabled by default, but it’s good to double check anyway. What it does is it provides automatic protection against known malware. However, the best defense is staying cautious about what you install. As security researchers have noted , avoiding sideloaded apps from unknown sources can significantly reduce your risk of infection.