A new Android malware, dubbed MagicAd, has been detected inundating devices with advertisements while evading the platform’s security measures. Security experts have highlighted its ability to bypass Android’s built-in restrictions, posing a significant threat to users.
MagicAd’s Stealthy Methods
MagicAd distinguishes itself by operating in the background, effectively displaying ads even after users close the infected application. It was discovered lurking within over 50 games and applications on GetApps, the official app marketplace for Xiaomi devices. These malicious apps appeared briefly in the store, typically for a month, before being replaced, a tactic designed to avoid detection while maintaining the threat on users’ devices.
According to Dr.Web, a well-known antivirus vendor, MagicAd was also identified in the Samsung Galaxy Store in 2025. Despite the cessation of new uploads by the developers, devices previously infected remain vulnerable as the malware continues its operations even when the original app is removed from the store.
Broader Impact Beyond Xiaomi
MagicAd’s reach extends beyond Xiaomi devices, targeting Vivo smartphones and Amazon Fire TV devices as well. This broadens the scope of the threat, making it a concern for a wider range of Android users. The malware cleverly avoids detection by scrutinizing its environment for virtual machines and ensuring installations are from legitimate users before activating its operations.
Once active, the trojan hides its icon from the app menu and establishes silent background services to ensure continuous operation. On Xiaomi devices, it leverages trusted system applications like Mi Browser and Miui SystemUI to relay ad content onto the screen without user permission.
Advanced Techniques and User Safeguards
MagicAd employs advanced techniques, such as utilizing a ‘Translucent Activity’ to display ads without triggering standard permission checks. Additionally, it decrypts audio files to exploit Android’s media controls, enabling it to launch ads seamlessly across various devices.
To counteract MagicAd, users are advised to routinely assess and uninstall unfamiliar apps from their devices. Keeping the device’s operating system updated is crucial, as newer Android versions are designed to block the background activities MagicAd exploits. Utilizing reliable mobile security solutions can help detect and eradicate infections before they cause significant disruption.
Continuous vigilance and proactive measures are essential in protecting devices from threats like MagicAd, which continuously evolves to bypass existing security protocols.
