This post originally appeared on Daily Express :: Tech Feed
Another day, another Android attack. One of the disadvantages of being the most widely-used mobile operating system on the planet is that hackers take a pretty keen interest in your platform. For Android users, that means a pretty continuous barrage of warnings about new malware attacks in online app stores trying to tempt people away from the Google Play Store, fraudulent apps that have managed to sneak through Google’s checks to make it into the Play Store, and more. The latest warning is pretty concerning, with security experts labelling it “the most sophisticated” fraud campaign of its kind.
Researchers at Human, a security firm previously known as White Ops before it was acquired by Goldman Sachs, have detailed a widespread fraud campaign that dates back to 2019. In total, 29 Android apps have been found lurking in Google’s Play Store, which is the default digital store for most Android users and handles app downloads, updates, movie rentals, and ebook sales. Once these apps were installed, the software would make your Android device appear to be a Smart TV to advertisers.
Why? Well, like almost all malware campaigns, it was about money. By appearing to be a Smart TV, these devices were mistakenly served advertisements – around 650 million each day, to be precise. The hackers behind the Android apps were able to collect the payments from advertisers, who believed their commercials were being shown to real people, when in fact they were being played in the background of an Android app without anyone seeing them.
For Android users who mistakenly installed one of the 29 Android apps that executed this scam, their devices likely started to use more data (to ‘view’ the barrage of advertisements). If you’re not connected to a Wi-Fi network with unlimited downloads, that could cost you. Mobile data, especially over a 5G network, tends to be pretty pricey. Running these processes in the background is likely to have slowed down any infected smartphones too.
One of the apps laced with the fraudulent code was Any Light, a seemingly simple torch app that allowed smartphone owners to choose between different light colours. It had more than 10,000 downloads from the Play Store.
Another app identified by the researchers, with more than 100,000 downloads, was Sling Puck 3D Challenge. This was a pretty simple game where players had to send all of their pucks to the rival’s side. Both of these apps worked as expected, but were secretly designed to generate revenue by scamming advertisers into sending their commercials to the phone.
“The operators behind the operations took advantage of the recent shift to digital accelerated by the pandemic by hiding in the noise in order to trick advertisers and technology platforms into believing that ads were being shown on consumer streaming devices,” Human CEO Tamer Hassan told Forbes.
A spokesperson for Google thanked Human for their help in uncovering the fraudulent apps. All 29 have now been removed from the Play Store.
As many as 36 apps were also found on the Roku streaming platform. Available in streaming set-top boxes, like the Roku Express, as well as Smart TV models, these apps worked in the same way – convincing advertisers to beam a barrage of commercials to the sets throughout the day. According to researchers, these apps didn’t manage to generate the same amount of revenue as the Android apps.
Speaking about the joint Android-Roku scam to Express.co.uk, Jake Moore, the Cybersecurity Specialist at ESET, said: “Extremely clever campaigns which are set to avoid detection and manipulate the users are rare, hence the huge numbers of phones infected. When phones are used in this way to make revenue for the attackers, the phones themselves are not placed at the same risk but still pose a threat in terms of trust in the Play Store.
“This technique, however, could be used more widely making benign apps difficult to uncover in the future. Google spends a lot of resources looking for malicious apps in the Play Store keeping malware from entering people’s devices but common attacks target the device or the user’s data which makes this latest campaign all that much harder to defend against.”