A family of Android apps is using the lure of free items to distribute a novel ad fraud botnet.
Victims of the scam are told that they will receive a complimentary gift when they download an app from the Google Play Store. However, the only thing received by victims is an infection of malware that silently loads ads in the background on their smart device.
The ad fraud operation, discovered by White Ops’ Satori Threat Intelligence & Research team, which named it TERRACOTTA, started in late 2019. The team found that by the end of June 2020, more than 65,000 devices had been unwitting participants in the scam, over 5,000 apps had been spoofed, and more than 2 billion bid requests had been generated.
"What makes this unique is that the fraudsters were advanced in knowing how to pull off ad fraud verification plausibly," said a White Ops spokesperson. "This means the ads were never being reported via the Google Play Store for showing ads, nor were users complaining of seeing unwanted ads. Instead, they were lying dormant, and the only 'free product' being delivered to users was a payload of ad fraud malware."