By Contributor Zak Doffman
Delete all these apps from your smartphone
NurPhoto via Getty Images
Here we go again. A list of malicious apps has just been published and smartphone users are being urged to root out and delete any still on their devices. The latest report outs more than 350 apps responsible for more than a billion ad bid requests per day.
This latest report comes courtesy of Human Security鈥檚 Satori team, which says it has 鈥渄isrupted IconAds, a massive fraud operation involving hundreds of deceptive mobile apps that hide their presence and deliver unwanted ads.鈥 this app campaign has been under investigation for some time, but is growing its viral presence.
ForbesGoogle Chrome Warning鈥擴pdate Or Stop Using Browser By July 23By Zak Doffman
Satori says this 鈥渉ighlights the evolving tactics of threat actors,鈥 and that the scale of threats such as this are similar to BADBOX 2.0, the major IOT threat flagged by the FBI and Google, in which millions of smart TVs and other devices
Here is the list of IconAds issued by Human; and here is the list of previously known apps flagged by other researchers before this latest report was published.
MORE FOR YOU
This AdWare follows on the HiddenAds threat, but on a much larger scale. The malware takes over devices with unwanted fullscreen ads, generating revenue for its handlers. It even changes app icons top avoid detection and removal.
Global IconAds campaign
鈥淲hile these apps often have a short shelf life before they鈥檙e removed from Google鈥檚 Play Store,鈥 Sartorial says, 鈥渢he continued new releases demonstrate the threat actors鈥 commitment to further adaptation and evolution.
Google has now deleted all of apps in the report fromPlay Store, and users with Play Protect enabled will be protected from those apps. But apps are not automatically deleted from devices, and so you should do this manually.
In Satori鈥檚 technical report, it warns that such is the scale of this operation it deployed a dedicated domain for every malicious app, which helped the team compile their list.
鈥淭hese domains consistently resolve to a specific CNAME and return a specific message; this means that while the domains were different, they very likely shared the same back-end infrastructure or second-level C2. These and other unique parameters allowed Satori researchers to find more of these domains and associate them back to IconAds.鈥
ForbesNever Ask Your AI App This One Question鈥擨t鈥檚 DangerousBy Zak Doffman
The team also warns that the app obfuscation was highly deceptive. In one instance, an app 鈥渦sed a variation of the Google Play Store鈥檚 own icon and name. When opened, it automatically redirects into the official app while working in the background.鈥
Satori says 鈥渢he IconAds operation underscores the increasing sophistication of mobile ad fraud schemes. Ongoing collaboration across the digital advertising ecosystem is essential to disrupting these and future fraud operations.鈥
Editorial StandardsReprints & Permissions