Researchers at Human Security Inc. have disrupted a sophisticated advertising fraud operation that was distributing apps on both Google LLC’s Play store and Apple Inc.’s App Store.
The campaign, dubbed “Scylla,” involves mobile applications that pretend to be legitimate apps in order to trick users into downloading them. The apps contained hidden ads, which they rendered where a user couldn’t see them, and generated fake clicks on those ads. The apps also kept track of real clicks on ads in order to fake additional clicks later.
Fake apps with malware or adware are not new, but most do not find their way onto the two main app stores. That wasn’t the case with Scylla. The researchers found 80 apps infected with Scylla on Google Play and nine apps in the App Store, which had collectively been downloaded more than 13 million times.
The Human Security researchers worked with both Google and Apple to ensure the apps identified as associated with the Scylla operation were removed from the respective stores. The researchers also worked with developers of advertising software development kits to mitigate the operation’s impact on their processes and advertising partners.
While the Scylla apps may have disappeared from the main app stores, the campaign is ongoing, with those behind it continuing to distribute their infected apps across smaller, third-party app stores.
“These tactics, combined with the obfuscation techniques first observed in the Charybdis operation, demonstrate the increased sophistication of the threat actors behind Scylla,” the researchers explain. “This is an ongoing attack and users should consult the list of apps in the report and consider removing them from all devices.”
Charybdis was a previous incarnation of a threat group originally known as Poseidon – Scylla is the name of Poseidon’s granddaughter and worked opposite her counterpart Charybdis in Greek mythology.
The company behind the research, Human Security, was previously known as White Ops Inc. before it was acquired by Goldman Sachs Group Inc.’s merchant banking division in partnership with venture capital firms ClearSky Security Fund and NightDragon in 2020. The company subsequently merged with PerimeterX Inc. in July.
Under its current name, the company has grown to verify more than 15 trillion digital interactions per week, claiming that it offers “unmatched visibility into fraudulent activity across the internet.”