App Store Hosted 10 Ad Fraud Apps Compared To 75 On Google Play

Security researchers discovered 85 apps engaged in ad fraud; ten are on the App Store, and the other 75 are on Google Play. Combined, people downloaded them over 13 million times. They’re part of a new ad fraud campaign named “Scylla.”

The information comes from Bleeping Computer. According to the publication, researchers from HUMAN’s Satori Threat Intelligence team found 85 apps available on the App Store and Google Play that flood mobile users with ads – both visible and hidden – or generate revenue by “impersonating legitimate apps and impressions.”

Here are the ten apps found on the iOS App Store that offered adware:

The analysts believe Scylla is the third wave of an operation they found in August 2019 and dubbed ‘Poseidon’. The second wave, apparently from the same threat actor, was called ‘Charybdis’ and culminated towards the end of 2020.

• Loot the Castle – com.loot.rcastle.fight.battle (id1602634568)
• Run Bridge – com.run.bridge.race (id1584737005)
• Shinning Gun – com.shinning.gun.ios (id1588037078)
• Racing Legend 3D – com.racing.legend.like (id1589579456)
• Rope Runner – com.rope.runner.family (id1614987707)
• Wood Sculptor – com.wood.sculptor.cutter (id1603211466)
• Fire-Wall – com.fire.wall.poptit (id1540542924)
• Ninja Critical Hit – wger.ninjacriticalhit.ios (id1514055403)
• Tony Runs – com.TonyRuns.game

According to Bleeping Computer, Satori researchers informed Apple and Google about these apps, and they have been removed from the App Store and Google Play. If by any chance you downloaded one of the apps, the best way to remove the adware is to simply erase the app from your device.

The publication explained a bit more about this malware, which, different from other kinds of viruses, is not exactly harmful to your device – since it only shows you ads – although it can be a door for other malware to infect your phone.

You can learn more about these scam apps making its way to the App Store and how these waves of invasion have been occuring for the past three years here.

The Scylla apps typically used a bundle ID that doesn’t match their publication name, to make it appear to the advertisers as if the ad clicks/impressions come from a more profitable software category.

HUMAN’s researchers found that 29 Scylla apps imitated up to 6,000 CTV-based apps and regularly cycled through the IDs to evade fraud detection.

Read more:

• Apple fails to address App Store review complaints as ‘Authenticator’ developers continue facing copycats
• Developer exposes another multimillion dollar scam app on the App Store