Horia Ungureanu, Tech Times

Google took down 247 apps from the Play Store after they were exposed as being ad fraud carriers.

The ad fraud scheme operated through MoPub, the Twitter-owned mobile advertising platform. Security researchers at Sentrant Security thwarted the security liability, which generated more than $250,000 per day in revenue while the ad fraud was in operation.

Sentrant Security discovered that the infected apps were installed on a large number of devices, amounting from 282,998 to 1,193,665 installations.

Google promptly reacted to Sentrant's notification and pulled the plug on the rogue apps.

"In reaction to our communication with Google, all apps have been removed from the Play Store," says Sentrant Security co-founder Hadi Shiravi in an IBTimes UK report.

Shiravi went on to add that users should manually uninstall the apps from their devices in order to be safe.

According to the security expert, the ad fraud had an impressive level of sophistication. This is because the malicious software enabled the infected devices to run non-viewable ads in the background.

Sentrant Security found out that the ad fraud scheme started and continued under the patronage of mobile app company Academ Media. The app company owns a network of more than 20 shell companies that allegedly helped orchestrate the fraud operation.

Academ Media, which has headquarters in Novosibirsk, Siberia, refutes the allegations.

According to Academ Media, a group of hackers stole the company's data and modified the apps to facilitate the advertising fraud.

On the other hand, Sentrant points out that a custom ad fraud code was embedded into several legitimate apps. Two different approaches were used to disguise the ad fraud, namely long sleep duration and proxy detection. Because of the two techniques, detecting the issue was extremely difficult.

The malevolent programmers inserted the ad fraud code directly into the advertising software development kit (SDK) of MoPub. This allowed them to rebuild a special tailored version of the SDK. The new variant of the SDK spoofs information from the device, for example the device's ID. What is more, the SDS spooks parameters such as product, manufacturer, device width and height, and more.

"[...] we can confirm that our Google Play policies are designed to provide a great experience for users and developers. That's why we remove apps from Google Play that violate those policies," Google notes.

Earlier this year, Google announced that it will let its users know which apps from the Google Play Store feature embedded ads.

Photo: Don Hankins | Flickr

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags: Google Play Store Google Play Mobile Security Ads MoPub
Join the Discussion

Related Article