Security News > 2020 > March > Dozens of Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme

More than 50 Android apps on the Google Play Store-most of which were designed for kids and had racked up almost 1 million downloads between them-have been caught using a new trick to secretly click on ads without the knowledge of smartphone users.

While the offending apps have been removed from Google Play, the find by Check Point Research is the latest in an avalanche of ad fraud schemes that have plagued the app storefront in recent years, with malware posing as optimizer and utility apps to perform phony clicks on ads.

Malware Abuses MotionEvent API to Simulate User Clicks Stating that the campaign cloned legitimate popular apps to gain an audience, the newly discovered 56 apps were found bypassing Google Play Store protections by obfuscating its native code and relying on Android's MotionEvent API to simulate user clicks.

The receiver, when it detects these events, then proceeded to load a native library named "Libtekya.so" that includes a sub-function called "Sub AB2C," which creates and dispatches touch events, thereby mimicking a click via the MotionEvent API. An Ongoing Problem of Mobile Ad Fraud Mobile ad fraud manifests in different ways, including threat actors planting malware-laced ads on user phones or embedding malware in apps and online services to generate clicks fraudulently to receive payouts by advertising networks.

Google, for its part, has been actively trying to stop rogue Android apps from infiltrating the Google Play Store.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/IAheiFn_tvw/android-apps-ad-fraud.html