Google Play Store and Apple Store adware were reportedly downloaded plenty of times. Tons of apps that were downloaded a whopping 13 million times are found to be engaging in adware.
Google Play Store and Apple Store Adware Reportedly Downloaded Plenty Of Times
Plenty of apps across the iOS and Android ecosystem have been found to be engaging in advertising fraud, researchers have now claimed.
Of the apps in question, 80 were of android build and nine on the other hand for IOS have over 13 million downloads between them and they include games, camera apps, screensavers, and many more and some of them even have over a million downloads to their name.
Research from HUMAN Security Found the Malicious Apps
Research from HUMAN Security, which is a cybersecurity firm found out that by targeting advertising software development kits (SDK), the threat actors which are unknown were able to make compromises to these apps for their very own personal gains, in many ways by pretending to be apps that they are not, by rendering ads in places that users will not be able to see and also by faking clicks and taps and thus keeping track of real ad interactions and later faking them.
The Campaign Is Dubbed By HUMAN as Scylla
The campaign which is dubbed by HUMAN as Scylla, is still very much going on. This, therefore, means that at the very least, some of these apps are still up and going about their businesses. The researchers say that “these tactics, combined with the obfuscation techniques first observed in the Charybdis operation, demonstrate the increased sophistication of the threat actors behind Scyla.”
The Charybdis operation that is mentioned by the researchers is a very much older campaign from which Scylla evolved. Charybdis itself birthed from a campaign that is even much older known as Poseidon thus leading the researchers to conclude that the threat actors actively developing these apps and that new variants are also expected to appear.
HUMAN Has Worked Closely With both Google and Apple in Having All the Malicious Apps Removed
HUMAN says that it has worked closely with both Google and Apple in having all the malicious apps identified to be removed from the respective app repositories. But even at that, it does not mean that the threat is gone completely as users who have downloaded these apps in the meantime are still vulnerable and will thus remain so until they are removed from their endpoints.
The company is advising users to go through the complete list and make sure that remove any of the apps that they might have installed on their devices. Here is the complete list of the apps.