The Google Play Store has been hit by the biggest Android ad fraud ever. By removing 40 apps from the Play Store, Google has rid itself of what is said to be the most massive ad malware. The apps are estimated to have been downloaded by more than 36 million users. Given this huge number of downloads, security researchers claim it is the biggest ad fraud ever committed.
How did the adware apps go undetected?
A closer look at the story reveals that the ad-clicking function was hidden inside the applications. A South Korean company, Kiniwini, was the mastermind behind this act. Security firm Check Point reported on the campaign on Thursday, stating that almost 41 games had fallen prey to this fraud. What made this ad fraud spread so successfully was that the ad-clicking function was downloaded after the actual app installation. This is what kept Google’s Bouncer from detecting the adware in the apps.
The apps infected with the malicious code automated a background web page, without the user's knowledge, that created the actual havoc. In a statement, Check Point discussed that:
Kiniwini, which is also known as ENISTUDIO corp, was reported to make almost $300,000 per month through these automated ad clicks.
According to Check Point, the malicious apps were flooded with adverts that forced users to click on them. One of the apps that steered clear of Google’s eye was “Judy”. The app stayed in the Play Store for more than a year, dating from April 2016.
After Google reported the fraudulent attempt by the company on their website, the company has not yet responded to a request for comment. However, Forbes reported that Google has decided to let go of the apps after they conform with the Play Store policy.
Sergio De Los Santos, a security expert from Telefonica’s ElevenPaths Android security team, stated:
“This clicking malware hides very well. They have been undetected for years now, and even now anti-virus products are still not detecting them.”
De Los Santos further explained that:
“The reason is because they are not dangerous by themselves in Google Play, but when they are installed they download the payload. This is very tricky and makes all detection techniques fail. And, besides, the only permission they need is access to the internet… it’s quite intelligent.”
Some other Android Ad Fraud Cases
A similar case, which infected 1 million devices, was reported earlier this week in Russia. Group-IB, a security firm based in Russia, arrested the gang behind Cron. Cron is a group of hackers that distributed malware-infected apps with the names “viber.apk” or “Google-Play.apk”. The apps allowed the hackers to gain access to confidential information from bank accounts.
Americans, on the other hand, fell prey to Marcher, the biggest known Android malware. According to Dmitri Volkov, co-founder and head of intelligence at Group-IB:
“This trojan was developed by a Russian speaking author in 2014. In the beginning it was used only by one cybercrime gang to attack Russian clients. Then it was advertised on the underground markets.”
The success of this application paved the way for the rest of the cybercriminal community.
Despite these viral apps and vulnerabilities appearing every now and then, Google has still been successful in protecting its users. According to recent Google data, “potentially harmful applications” (PHAs) reached no more than 0.05% of devices. These figures cover the end of 2016.