- Trapdoor is an ad fraud campaign using 455 Android apps and 183 C2 domains
- The apps tricked users into fake updates, then secretly launched invisible WebViews to generate 659 million fraudulent ad bid requests daily
- Google removed the 24M+ downloaded apps after disclosure, with researchers warning of malvertising pipelines built from everyday installs
Security researchers have discovered and dismantled a major ad fraud and advertising operation that comprised hundreds of Android apps, and probably generated millions of dollars in profits.
Human Security researchers from the Satori team claim the Trapdoor campaign used 455 applications and 183 command-and-control (C2) domains.
It started on the Google Play Store, where victims were offered seemingly benign utility apps, such as PDF readers, and similar. These apps worked as intended and did nothing that would suggest malicious behavior (for example, asked for extensive permissions or tried to exfiltrate data to a third-party server). However, soon after installation, the apps would display a pop-up window that they need to be updated.
Hundreds of millions of bid requests
This update is essentially fake, and triggering it actually downloads an entirely different app. That app, which does its best to stay hidden on the device, also launches invisible WebViews, loads HTML5 domains under the attackers’ control, and then requests ads.
Through these ads, that no one ever really sees, the threat actors stole money from advertisers, as well as companies using ad networks to promote their products and services.
According to the Human Security report, at its peak, Trapdoor accounted for 659 million bid requests a day, meaning advertisers were bidding on 659 million fake ad opportunities every day. Furthermore, the apps associated with the threat have been downloaded more than 24 million times.
After notifying Google about their findings, the Play Store maker removed all of the identified malicious apps from its app repository. You can find the full list of the apps on this link, and if you see anything you’re using, make sure to uninstall it from all of your devices.
“Trapdoor is a reminder that threats to the digital advertising ecosystem do not neatly fall into single categories,” Human Security noted. “By fusing malvertising distribution with hidden ad fraud monetization, Trapdoor creates a pipeline in which each stage fuels the next: malvertising drives secondary app installs, those apps generate fraudulent ad revenue, and that revenue can fund further malvertising campaigns.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/KATu6scqjuj5bCqHLRubXn-1996-80.jpg
Source link
