Security News > 2020 > March > Dozens of Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme
More than 50 Android apps on the Google Play Store-most of which were designed for kids and had racked up almost 1 million downloads between them-have been caught using a new trick to secretly click on ads without the knowledge of smartphone users.
While the offending apps have been removed from Google Play, the find by Check Point Research is the latest in an avalanche of ad fraud schemes that have plagued the app storefront in recent years, with malware posing as optimizer and utility apps to perform phony clicks on ads.
Malware Abuses MotionEvent API to Simulate User Clicks Stating that the campaign cloned legitimate popular apps to gain an audience, the newly discovered 56 apps were found bypassing Google Play Store protections by obfuscating its native code and relying on Android's MotionEvent API to simulate user clicks.
The receiver, when it detects these events, then proceeded to load a native library named "Libtekya.so" that includes a sub-function called "Sub AB2C," which creates and dispatches touch events, thereby mimicking a click via the MotionEvent API. An Ongoing Problem of Mobile Ad Fraud Mobile ad fraud manifests in different ways, including threat actors planting malware-laced ads on user phones or embedding malware in apps and online services to generate clicks fraudulently to receive payouts by advertising networks.
Google, for its part, has been actively trying to stop rogue Android apps from infiltrating the Google Play Store.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/IAheiFn_tvw/android-apps-ad-fraud.html
Related news
- Android 15, Google Play get new anti-malware and anti-fraud features (source)
- Android 15, Google Play Protect get new anti-malware and anti-fraud features (source)
- Google rejected 2.28 million risky Android apps from Play store in 2023 (source)
- Over 90 malicious Android apps with 5.5M installs found on Google Play (source)
- Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 (source)
- Google blocked 2.3M apps from Play Store last year for breaking the G law (source)
- Google now pays up to $450,000 for RCE bugs in some Android apps (source)
- Bug hunters can get up to $450,000 for an RCE in Google’s Android apps (source)
- Malicious Android Apps Pose as Google, Instagram, WhatsApp, to Steal Credentials (source)
- Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android (source)