Google has removed over 50 apps that installed an ad fraud botnet on users' devices, according to a report by cybersecurity firm White Ops.

According to the report by the White Ops Satori Threat Intelligence & Research team, users were prompted to install these apps with a promise of free goods, no strings attached. The apps then installed malware codenamed TERRACOTTA on the user's device, which triggered unwanted ads.

“The TERRACOTTA malware offered Android users free goods in exchange for downloading the app, including shoes, coupons, and concert tickets, which users never received. Once the app was installed and the malware activated, the malware used the device to generate non-human advertising impressions purporting to be ads shown in legitimate Android apps,” the report read.

The White Ops Satori Threat Intelligence & Research team has been investigating the ad fraud botnet since 2019. The campaign was running on a relatively large scale. As per the report, the malware infected over 65,000 devices, generating more than two billion fraudulent bid requests while spoofing over 5,000 apps in a single week in June 2020.

The malware also makes it very difficult for the app to be blocked by ad blockers. It uses a method called tag evasion.

“This is a similar technique to ad-blocking, but rather than blocking the loading of content from ad-serving domains (as an ad blocker does), the malware blocks the loading of content from ad-verification domains with the intention of suppressing fraud detection,” explained the report.

Google has removed nearly 57 apps containing the malware. White Ops has provided the entire list of apps on its website.
