Security News > 2020 > October > RAINBOWMIX Apps in Google Play Serve Up Millions of Ad Fraud Victims

RAINBOWMIX Apps in Google Play Serve Up Millions of Ad Fraud Victims
2020-10-08 19:46

The White Ops team of researchers, including Cirling, Michael Gethers, Lisa Gansky and Dina Haines, - who named the investigation "RAINBOWMIX," inspired by the 8-16 bit color palate running throughout the retro game apps - found that these fraudulent apps were downloaded more than 14 million times by unsuspecting users.

"Most of the RAINBOWMIX apps have a"C-shaped rating distribution curve," the team reported.

All of the RAINBOWMIX apps were loaded with the Tencent Legu packer, they add, noting that some did give clues to their nefarious intent, if you looked hard enough.

"This is used as the C2 of the ad SDK, which determines which ad network to use as well as the interstitials frequency," the report read. "The same C2 architecture is used across all of the RAINBOWMIX apps identified in this investigation."

The RAINBOWMIX apps were also able to boost their ad-delivery counts by monitoring when users turned their screen on and off, the analysts also discovered.


News URL

https://threatpost.com/rainbowmix-apps-google-play-ad-fraud/159982/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 103 256 4322 4698 744 10020