07 December 18, 12:55
Quote:A group of 22 Android applications from the Google Play store was used in an advertising clickfraud scheme faking genuine ad traffic by randomizing the device and User Agent information.
As reported by Sophos, the apps that were installed more than 2 million times by Android device owners were used by the masters of the operation to generate fraudulent ad traffic by faking clicks.
"The ad calls do not result in the expected, disruptive, full-screen ads that would otherwise annoy the user of the device and draw attention to the app," states Sophos' analysis. "Instead, malicious ad calls are made in a hidden browser window, inside of which the app simulates a user interaction with the advertisement."
Moreover, the ads will be retrieved and "visited" continuously after the malicious applications are installed, which made Sophos upgrade their threat level from "potentially unwanted" apps to malware.
"Operating under the guise of playable games and functioning utilities, the apps also have downloader capabilities, if the command-and-control server instructs them to retrieve other files," says Sophos.
Once connected to their C2 servers, the apps were instructed to "to send ad requests pretending to originate from a variety of apps (that are otherwise unrelated to these apps) running on a wide range of mobile phone models."
Source: https://news.softpedia.com/news/android-...4152.shtml
![[-]](https://www.geeks.fyi/images/collapse.png)
