RAINBOWMIX Apps in Google Play Serve Up Millions of Ad Fraud Victims
2020-10-08 19:46

The White Ops team of researchers, including Cirling, Michael Gethers, Lisa Gansky and Dina Haines, who named the investigation "RAINBOWMIX," inspired by the 8-16 bit color palette running throughout the retro game apps, found that these fraudulent apps were downloaded more than 14 million times by unsuspecting users.

"Most of the RAINBOWMIX apps have a 'C-shaped rating distribution curve,'" the team reported.

All of the RAINBOWMIX apps were loaded with the Tencent Legu packer, the researchers added, noting that some did give clues to their nefarious intent, if you looked hard enough.

"This is used as the C2 of the ad SDK, which determines which ad network to use as well as the interstitials frequency," the report read. "The same C2 architecture is used across all of the RAINBOWMIX apps identified in this investigation."

The analysts also discovered that the RAINBOWMIX apps were able to boost their ad-delivery counts by monitoring when users turned their screen on and off.


News URL

https://threatpost.com/rainbowmix-apps-google-play-ad-fraud/159982/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 996 4899 2857 1622 10374