
RainbowMix apps generate $150,000 in daily ad fraud profit
2020-10-08 08:08

In the case of RainbowMix, the apps pretend to be from popular apps and social media platforms like YouTube and Chrome.

White Ops saw this many daily ad impressions consistently, from the RainbowMix app collective.

"All RAINBOWMIX apps are packed with various versions of the Tencent Legu packer. While some of the apps are detected as malicious on multi-scanning platforms, these detections are often vague and only relate to the use of the specific packer, and not their behavior when unpacked" - White Ops.

The RainbowMix apps had code that tracked the current state of the screen.

The RainbowMix apps were present in the Android Play store for up to a year, and Google promptly removed all of them at the end of August following White Ops' responsible reporting.


News URL

https://www.bleepingcomputer.com/news/security/rainbowmix-apps-generate-150-000-in-daily-ad-fraud-profit/