like us on facebook
follow us on twitter
find us on linkedin

call us

020 8939 8481

Giveaway Scam Infects 65,000 Devices with Malware

1/09/2020 in Security

Download Form1

This field is for validation purposes and should be left unchanged.

[optin-monster-shortcode id="8328"]

A family of Android apps is using the lure of free items to distribute a novel ad fraud botnet.

Victims of the scam are told that they will receive a complimentary gift when they download an app from the Google Play Store. However, the only thing received by victims is an infection of malware that silently loads ads in the background on their smart device.

The ad fraud operation, discovered by White Ops’ Satori Threat Intelligence & Research team, which named it TERRACOTTA, started in late 2019. The team found that by the end of June 2020, more than 65,000 devices had been unwitting participants in the scam, over 5,000 apps had been spoofed, and more than 2 billion bid requests had been generated.

“What makes this unique is that the fraudsters were advanced in knowing how to pull off ad fraud verification plausibly,” said a White Ops spokesperson. 

“This means the ads were never being reported via the Google Play Store for showing ads, nor were users complaining of seeing unwanted ads. Instead, they were lying dormant, and the only ‘free product’ being delivered to users was a payload of ad fraud malware.”

Among the free gifts used as lures were boots, sneakers, event tickets, coupons, and expensive dental treatments. The real item that victims received was a customized Android browser packaged alongside a control module written in the React Native development framework. 

When loaded onto the victim’s phone, the browser generates fraudulent ad impressions, sold into the programmatic advertising ecosystem to defraud advertisers.

Google Play Store reviews for the apps started out at five stars as victims applauded the giveaway idea. However, disappointed victims who didn’t receive the promised freebies soon took to the review section to express their disappointment and share their suspicions that the app they had downloaded was malicious.

One victim’s review read: “Terrible. I received confirmation of my free Nike Air Jordans but never received any delivery, tracking number or anything. Possibly a fraudulent site, do not give personal information.”


What Now?

We’re Evolve, and we’re here to guide your business’ digital transformation.  With a wealth of experience deploying solutions and managing IT for various firms we are uniquely placed to help your business overcome the challenges posed by the current crisis and look optimistically to the future. 

You can contact me on LinkedIn @davidatevolve, by telephone 020 8939 8481 or on our Contact Us page

News Source: