UPDATED 18:53 EDT / SEPTEMBER 26 2022

Researchers disrupt fraudulent apps in Apple App Store and Google Play

Researchers at Human Security Inc. today said they have disrupted a sophisticated advertising fraud operation that was distributing apps on both Google LLC’s Play store and Apple Inc.’s App Store.

The campaign, dubbed “Scylla,” uses mobile applications that pose as legitimate apps to trick users into downloading them. The apps contain hidden ads, which they render where a user can’t see them, and generate fake clicks on those ads. The apps also keep track of real clicks on ads in order to fake additional clicks later.

Fake apps with malware or adware are not new, but most do not find their way onto the main two app stores. That wasn’t the case with Scylla. The researchers found 80 apps infected with Scylla on Google Play and nine apps in the App Store that had collectively been downloaded more than 13 million times.

The Human Security researchers worked with both Google and Apple to ensure the apps identified as associated with the Scylla operation were removed from the respective stores. The researchers also worked with developers of advertising software development kits to mitigate the operation’s impact on their processes and advertising partners.

While the Scylla apps may have disappeared from the main app stores, the campaign is ongoing, with those behind it continuing to distribute their infected apps across smaller, third-party app stores.

“These tactics, combined with the obfuscation techniques first observed in the Charybdis operation, demonstrate the increased sophistication of the threat actors behind Scylla,” the researchers explain. “This is an ongoing attack and users should consult the list of apps in the report and consider removing them from all devices.”

Charybdis was a previous incarnation of a threat group originally known as Poseidon. Scylla is the name of Poseidon’s granddaughter, who worked opposite her counterpart Charybdis in Greek mythology.

The company behind the research, Human Security, was previously known as White Ops Inc. before it was acquired in 2020 by Goldman Sachs Group Inc.’s merchant banking division in partnership with venture capital firms ClearSky Security Fund and NightDragon. The company merged with PerimeterX Inc. in July.

Under its current name, the company has grown to verify more than 15 trillion digital interactions per week, claiming that it offers “unmatched visibility into fraudulent activity across the internet.”
