An advanced Android Remote Access Trojan (RAT) hiding within legitimate applications.
Cellik uses a "dropper" technique. It bundles itself inside seemingly innocent apps (Calculators, Photo Editors) often distributed via third-party stores.
Once installed, Cellik grants the attacker VNC-like control. They can view the screen in real time and intercept 2FA SMS codes.
The malware requests "Accessibility Services" under false pretenses to prevent uninstallation and hide its icon from the app drawer.
sysadmin@defense:~$ analyze_threat --target=cellik.apk
[*] Scanning package signature...
[*] Detected: Obfuscated Payload
[*] Permissions Requested: SMS_READ, SCREEN_CAPTURE, ACCESSIBILITY
[!] CRITICAL WARNING: This malware can bypass banking 2FA.
sysadmin@defense:~$ _
Never grant "Accessibility" permissions to simple apps like flashlights, calculators, or cleaners. This is the #1 way Cellik takes control.
Avoid third-party APK sites. Cellik often hides in "Modded" or "Pro" versions of games found on Telegram or suspicious websites.
Ensure Google Play Protect is enabled. It can often detect the signature of known Cellik variants before they install.
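An added example, not from the original page: a Python triage of a decoded AndroidManifest.xml (for instance, apktool output) for the pairing described above, an accessibility service plus SMS access in a simple app. The sample manifest, the package name and the mapping to the Android permission names used here are assumptions; the page does not list Cellik's actual manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"

# Constructed sample (hypothetical app): a "calculator" whose manifest declares
# the capabilities the page attributes to this kind of dropper.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calc">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="Calculator Pro">
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return (findings, verdict) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y = [s.get(ANDROID_NS + "name") for s in root.iter("service")
            if s.get(ANDROID_NS + "permission") == ACCESSIBILITY_BIND]
    sms = sorted(perms & SMS_PERMS)
    findings = []
    if a11y:
        findings.append("accessibility service: " + ", ".join(a11y))
    if sms:
        findings.append("reads SMS: " + ", ".join(sms))
    if INSTALL_PERM in perms:
        findings.append("can install other packages (dropper behaviour)")
    # Accessibility plus SMS access is the pairing that enables 2FA interception.
    if a11y and sms:
        verdict = "high"
    elif findings:
        verdict = "review"
    else:
        verdict = "ok"
    return findings, verdict

if __name__ == "__main__":
    findings, verdict = triage_manifest(SAMPLE_MANIFEST)
    print(verdict)
    for finding in findings:
        print(" -", finding)
```

A "review" verdict on its own is not an indication of malware; the check is meant to prioritise apps whose stated purpose does not explain the capabilities they declare.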