2 min read

Aggressive Adware Promised Free Stuff to Android Users Just to Stay Installed

Silviu STAHIE

August 31, 2020

Aggressive Adware Promised Free Stuff to Android Users Just to Stay Installed
  • Aggressive adware apps invade tens of thousands of devices
  • Operators designed the apps to run unhindered in the background
  • Google removed all of the fake apps from the Play Store

Security researchers from White Ops have discovered and tracked a vast ad fraud botnet that used dozens of Android apps pretending to offer users free items to keep the application installed for at least two weeks.

At the peak of its activity, the botnet, named TERRACOTTA, had more than 65,000 infected devices, spoofed more than 5,000 apps and generated about 2 billion fraudulent bid requests. Such aggressive adware is usually after one thing — to generate as many fake clicks as possible and create the impression of users actively clicking on ads.

The old saying, “If something seems too good to be true, it probably is,” encapsulates the TERRACOTTA botnet offering. Apps offered users shoes, coupons or concert tickets, and people didn”t have to pay a dime. If someone were to give out free shoes on a street corner, everyone would be immediately suspicious. Why not feel the same suspicion when the offer comes from a random Android app?

“The TERRACOTTA malware offered Android users free goods in exchange for downloading the app—including shoes, coupons, and concert tickets—which users never received,” said the researchers. “Once the app was installed and the malware activated, the malware used the device to generate non-human advertising impressions purporting to be ads shown in legitimate Android apps.”

The cybercriminals wrote the apps using the React Native cross-platform development framework, which didn”t raise any flags. On the other hand, the apps did require access to powerful permissions, WAKE_LOCK and FOREGROUND_SERVICE that would let the apps run uninterrupted and invisible in the background.

Google was quick to remove all of the TERRACOTTA apps, and its operators used the React Native framework for all of them. Interestingly, the simple removal of the software from the official store doesn”t mean it”s gone from the devices. Many of them remain active, although they can no longer generate funds for their operators.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Supply Chain Attack Detected in PyPI Library Supply Chain Attack Detected in PyPI Library
Silviu STAHIE

August 02, 2021

1 min read
Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel
Filip TRUȚĂ

August 02, 2021

3 min read
Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million
Graham CLULEY

July 30, 2021

2 min read