A recent ad fraud operation specifically targets South Korean Android users. According to reports, the campaign starts with apps that spread through the Google Play Store. These applications discreetly load ads while the user’s device screen is inactive.
A threat advisory published earlier this week said the campaign lets app developers generate profits without user interaction, because ads are loaded even while the device is not in use.
This behaviour violates the Google Play Developer policies, which lay ground rules on how ads may be displayed. The invisible advertisements defraud advertisers, who unknowingly pay for ads that nobody sees, and indirectly affect users in several ways.
The apps that include ad fraud have already collected millions of downloads.
A recent investigation revealed that over 40 apps contain ad fraud functionality. These Android applications have collectively gathered more than two million downloads.
Most of the apps are TV/DMB players, news and calendar apps, and music downloaders. The attackers commonly use such tools since they can gain traction with many users globally.
The ad fraud libraries in these apps are sophisticated: they could employ delay tactics to bypass security detection and inspection. In addition, the app operators could remotely modify and push the behaviour of the apps through the Firebase Storage or Messaging services.
The researchers added that, after successful installation, the adware requests specific permissions, such as exclusion from power saving and drawing over other apps. These permissions could pave the way for fraudsters to execute further malicious campaigns on the infected device, such as displaying phishing pages and ads without the user’s consent.
Next, the ad fraud activates when the device is inactive, which allows it to fetch and load ads even when the device owner is not using it. Furthermore, the library registers device information and accesses restricted domains to retrieve ad URLs from Firebase Storage, which could shorten battery life and consume mobile data.
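For defenders triaging apps, the permission pair described above can be checked in a decoded AndroidManifest.xml. The following is an added example, not code from the advisory or the researchers; it assumes "power-saving exclusion" and "draw-over apps" correspond to the standard Android permissions `REQUEST_IGNORE_BATTERY_OPTIMIZATIONS` and `SYSTEM_ALERT_WINDOW`, and the package names and manifests are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Manifest permissions assumed to sit behind the two grants named above.
BATTERY_EXEMPT = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
DRAW_OVER = "android.permission.SYSTEM_ALERT_WINDOW"
FCM_ACTION = "com.google.firebase.MESSAGING_EVENT"  # Firebase Messaging receiver

def triage_manifest(manifest_xml):
    """Return (package, findings) for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        perms |= {el.get(ANDROID + "name") for el in root.iter(tag)}
    actions = {el.get(ANDROID + "name") for el in root.iter("action")}
    findings = []
    if BATTERY_EXEMPT in perms:
        findings.append("battery-optimization exemption")
    if DRAW_OVER in perms:
        findings.append("draw over other apps")
    if FCM_ACTION in actions:
        findings.append("Firebase Messaging channel")
    return root.get("package"), findings

def needs_review(findings):
    """Flag only the permission pair; Firebase Messaging alone is common."""
    return {"battery-optimization exemption", "draw over other apps"} <= set(findings)

# Constructed sample manifests (hypothetical packages, not from the advisory).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SAMPLES = [
    f"""<manifest {NS} package="com.example.dmbplayer">
      <uses-permission android:name="android.permission.INTERNET"/>
      <uses-permission android:name="{BATTERY_EXEMPT}"/>
      <uses-permission android:name="{DRAW_OVER}"/>
      <application><service android:name=".PushService"><intent-filter>
        <action android:name="{FCM_ACTION}"/>
      </intent-filter></service></application>
    </manifest>""",
    f"""<manifest {NS} package="com.example.calendar">
      <uses-permission android:name="android.permission.INTERNET"/>
    </manifest>""",
]

def flagged_packages(manifests):
    """Packages whose manifest requests both permissions."""
    results = (triage_manifest(m) for m in manifests)
    return [pkg for pkg, findings in results if needs_review(findings)]

if __name__ == "__main__":
    print(flagged_packages(SAMPLES))
```

A match is a prompt for manual review rather than a verdict, since legitimate apps can also request either permission.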
Fortunately, the researchers have already reported the identified apps to Google. The company has already removed the apps from the Play Store.
