Published: November 13, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
Yes, it’s happened again. Although both the Google Play Store and the Apple App Store say they do everything they can to keep malware-infected apps out of their stores, it keeps happening. And now, a new tranche of over 90 advertising fraud apps was recently removed from both app stores.
This time, Scylla was found infecting mostly gaming apps with its ad fraud malware. But by the time Scylla’s operation was discovered by researchers at HUMAN’s Satori Threat Intelligence and Research team and the apps were removed by Google and Apple, there were more than 13 million downloads.
Scylla’s Ad Fraud Methods
The team discovered Scylla is a new offspring of the 2019 Poseidon advertising fraud operation. Cybercriminals use ad fraud, a cousin of adware, to make money. Scylla successfully used new tricks and techniques that helped keep it active, downloaded, and hidden from the malware-screening efforts of both app stores.
Scylla uses several methods of ad fraud to not only deceive advertisers, but to also mislead users who’ve downloaded one of its infected apps. Know that all of Scylla’s methods share the common goal of surreptitiously stealing money from advertisers, as shown below.
Fake “ad clicks” use malicious bots to imitate real user clicks on ads. Advertisers often pay on a per-click basis, so the more clicks, the more the hacker profits. “App spoofing” tricks users into downloading the infected app, and cons advertisers into believing the apps are a new place to advertise. “Hidden ads” never actually appear, but the app counts them as viewed. “Out-of-context ads” pop up at unexpected times in unexpected places on a device.
Avoiding Scylla and Other Infected Apps
It’s highly recommended that all users who suspect they downloaded one or more of Scylla’s infected apps delete them immediately. If your device is running unusually slowly, a lot of processing power is being used and you don’t know why, or something just doesn’t seem right, you may have downloaded malware. Also, the tips below can help make us all less likely to download malware apps in the first place.
Read app reviews before downloading. Use user ratings and reviews as a guide to whether to download the app; they can also warn about an app acting strangely. Remember, an app with only a few reviews that are all or mostly glowing should be suspect.
Don’t sideload apps found on third-party websites. Although the Google and Apple app stores aren’t perfect at keeping malware out, they do try. Third-party sites are a hacker favorite for installing malware apps.
Update all system software and apps as soon as updates are available. Updates include fixes for security bugs and provide the latest security patches for flaws.
Carefully watch app permissions when downloading. Pop-up permission requests can be fast and furious during download, so only approve those requests that make sense for the app to operate properly.
Use reputable anti-virus software, and always keep it updated. It can save a user from downloading infected apps and other malware.