A new ad fraud campaign is potentially costing victims hundreds of dollars a year in data bills through infected Android apps and games.
Dubbed DrainerBot by Oracle researchers, the scheme has been described as a "major mobile ad fraud operation" which has been distributed through at least ten million downloads of infected consumer applications.
The DrainerBot code has been unpacked and found in malicious software development kits (SDKs) relating to Android mobile apps, many of which have proven popular -- including "Perfect365," "VertexClub," "Draw Clash of Clans," "Touch 'n' Beat – Cinema," and "Solitaire: 4 Seasons (Full)."
DrainerBot's code overlays invisible, fraudulent ads to devices when apps are in use. The infected app will then report back to ad networks connected to the scheme that the advert has been viewed on a legitimate publisher's website, and this results in fraudulent ad revenue kickbacks for the threat actors involved.
Oracle says that video ads are in play, and as these kinds of advertisements generally offer more in revenue than simple banner ads, the legitimate ad networks that have been signed up with are unwittingly being defrauded out of serious cash.
It is not just ad networks which are being scammed, however, As the DrainerBot code is showing ads which are invisible, users may not realize anything is wrong -- at least, until they receive their data bills, which would be heavily impacted by the constant launch and play of online videos.
Oracle says that infected apps can consume over 10GB per month, which potentially could cost device owners a hundred dollars per year or more in charges. In addition, malicious apps can quickly drain a device's battery, even if these applications are not in use.