The tools and services that come from trusted companies in the tech world are supposed to be safe and reliable. But a mobile advertising platform developed and operated by micro-blogging site Twitter is now at the center of a security issue because it has been used to run fraudulent ads on hundreds of mobile apps.
Security researchers at Sentrant Security have discovered an ad fraud scheme that operates through the MoPub advertising platform, which attackers are using to cash in on unsuspecting victims. According to the researchers, the attackers have been making as much as $250,000 every day using the malicious apps that run through the ad fraud scheme.
Based on the researchers' findings, nearly 250 apps are affected by the ad fraud, and these apps are even available on the Google Play Store, exposing Android users to the danger posed by the fraudulent activity.
As of this writing, the affected apps have been downloaded more than one million times, indicating a wide attack surface for the attackers behind the fraudulent scheme. Although Google was quick to remove the apps suspected of running the ad fraud scheme from the Play Store, it is unclear whether attackers have targeted the million users who had already downloaded the rogue apps.
Google has a different take, however. In a press message, the search giant clarified that users would have to uninstall existing apps from their device and re-install them in order for the ad fraud to take effect. This means apps already downloaded and installed on the devices of those million users are supposedly free from the malicious ads.
The ad fraud scheme relies on mobile apps installed on devices that run code designed to run ads in the background, meaning the ads are non-viewable. It is a sophisticated fraud scheme, one that targets the largest mobile ad exchange owned by Twitter.
Academ Media, which developed the ad scheme, denied the allegations that it was behind the malicious operation. The company claimed that hackers gained access to its systems more than a year ago and changed its platform in order to commit ad fraud.
True enough: it can be argued that the company has no relation whatsoever to the apps, which instead appear to have been developed by hackers who stole Academ Media’s code, as the company claims.
Now the fraudsters are hiding the ads using proxy detection and long sleep durations in order to circumvent tools designed to identify fraud.