Cybersecurity company Human has discovered another adware campaign engaging in ad fraud targeting iOS and Android devices. In the simplest terms, ad fraud allows a bad actor to either visibly spam an application with ads or manipulate the code such that the ads are invisible to the user while the bad actor extracts the advertising money from a distributor.
Either way, it is fraudulent. Ad fraud has been prevalent in the industry for some time, and the latest investigation revealed a cache of over 75 Android apps listed in the Google Play Store and nearly a dozen apps on Apple's App Store that engage in various forms of ad fraud.
The bad apps have collectively been downloaded more than 13 million times across Google and Apple’s app ecosystems. After being notified by Human, Google and Apple have since removed the apps from their respective app repositories.
This is the third wave of the same attack; the first, reported in 2019, was labeled Poseidon. The second wave, which raised its head in 2020, was dubbed Charybdis, while the current attack wave was given the name Scylla. Over time, the campaign acquired the ability to obfuscate malicious code and the targeting capability of the SDK.
By the time the Scylla adware campaign gained momentum, it could masquerade as a legitimate game, tricking advertisers into spending more money. The fraud uses hidden advertisements that are not visible to users, or simply out-of-context ads that appear randomly on the screen. Gaming ad display statistics has also been observed as a way to record ad clicks and earn money.
What is the safe way forward?
The most reasonable course of action is to remove problematic apps, assuming they are already installed on your phone. You can view the full list of applications containing adware on the Human website. An effective precautionary measure is to always install apps from trusted developers and publishers.
Another option is to upgrade to the premium version of an app if the free tier displays too many shady ads, since clicking them can lead to even more malicious webpages. App developers don’t always have much control over the ads appearing in their apps.
We live in an age of continuous web tracking, and targeted ads inspired by behavioral patterns are the most intrusive. Since advertising companies often rely on breadcrumbs of our online activities, you should clear your browser history, cache, and cookies from time to time.
You can also try specialized adware removal apps, just to be on the safe side. NordVPN offers a pretty robust ad blocking system. Other reliable options are Adware Cleaner from Pocket Bits, Norton Ad Blocker, TotalAV and Malwarebytes.
Adware is not a new phenomenon, especially on the Android side of the ecosystem. But despite Apple’s claims of a safe app ecosystem, iPhones aren’t exactly immune. Security firm Wandera spotted 17 apps on the App Store in 2019 that served invisible ads and recorded phantom clicks to generate ad revenue.
In 2018, a Cisco Talos researcher uncovered a highly targeted attack that hit only 13 iPhones in India by weaponizing an MDM server. One of the suspicious results of the attack was the random appearance of advertisements on infected devices. But the malware ecosystem is an ever-changing landscape. Just over a month ago, experts at Germany's Technical University of Darmstadt concocted deadly malware that is transmitted via Bluetooth and can infect an iPhone even when it is turned off.