As many as 75 apps on Google Play and 10 on Apple’s App Store have been found committing ad fraud in an ongoing campaign that began in 2019.
The latest iteration, dubbed Scylla by online fraud prevention firm HUMAN Security, follows waves of similar attacks in August 2019 and late 2020 that are codenamed Poseidon and Charybdis respectively.
Prior to their removal from app storefronts, the apps had been collectively installed more than 13 million times.
The original Operation Poseidon included over 40 Android apps designed to display out-of-context or hidden advertisements from the view of the device user.
Charybdis, on the other hand, was an improvement over the first by using code obfuscation tactics to target advertising platforms.
Scylla features the latest adaptation of the scheme in that it extends beyond Android to foray into the iOS ecosystem for the first time, while building on additional layers of code at the using the Allatori tool.
These apps, once installed, are designed to commit different types of ad fraud, marking a significant step up in sophistication from previous variants.
These include spoofing popular applications such as streaming services to trick advertising SDKs into placing ads, delivering out-of-context and “hidden” ads through off-screen WebViews, and generating fraudulent click-throughs to take advantage of advertisements.
“Put simply, threat actors code their apps to pretend to be other apps for advertising purposes, often because the app they claim to have is worth more to an advertiser than the app would be by it. -even,” the company said.
As always, users are advised to review apps carefully before downloading them and to avoid third-party app stores on the web that might host malicious apps.
