Invisible ads and click fraud: security researchers have found an unusual malware that has already been downloaded millions of times. It has appeared in at least 85 Android and iOS apps. Google and Apple have removed the apps from their stores.
New malware makes its way to Android and iOS
Researchers from Human Security have found malware in a whole range of mobile apps that attempted to make money in an unusual way through click fraud. The method used was called “Scylla”, which bombards users with advertisements – sometimes without even realizing it.
According to the analysis, the malware was present in at least 75 Android apps, plus “over” ten iOS apps. Together, they are said to have been downloaded over 13 million times, which suggests a fairly successful approach by the fraudsters. Both Google and Apple, as the operators of the app stores, have been informed by Human Security about the apps. They are no longer available, so they cannot cause any additional damage. A large part of the apps are said to have been games.
The most downloaded apps have names like “Super Hero-Save the world!”, “Arrow Coins” and “Parking Master”. These three apps alone were installed around 1.5 million times. The list also includes apps for which the download figures could not be determined (source: Human Security).
Malware apps annoy with advertising
If one of the infected apps is installed on the smartphone, users can expect, among other things, advertisements to suddenly pop up on the home screen. Less annoying, but also harmful, is the invisible advertising in the background. Users do not notice this. The malware simulates clicks on ads in order to earn money.