Millions of hacked smartphones, both of Android and iOS descent are being exploited to run a massive ad fraud campaign. The campaign in question, known as PEACHPIT, harnesses the power of hundreds of mobile devices.
Hacked Smartphones Ad Fraud Campaign
Cybersecurity researchers from HUMAN just recently discovered a substantial ad fraud botnet scheme they dubbed PEACHPIT. The scheme in question involved dozens of apps, downloaded millions of times all across the globe, thus generating huge amounts of money for the developers, via fraudulent advertising.
In order to best understand PEACHPIT we need to take a step back and then look at BADBOX which in case you don’t know is a large-scale malicious operation hailing from China, which TechRadar Pro reported on in the early parts of this week.
How to Best Understand PEACHPIT Using BADBOX
BADBOX as you should know is a campaign in which hackers managed to inject malicious firmware into Android-powered TV streaming boxes directly in the production chain. And as a result, people were reportedly buying TV set-top boxes that came with malware already pre-loaded. That malware in question was capable of doing a host of things, but it all starts with reaching out to the C2 server and then getting further instructions from there on.
Among of these reported instructions were some that reportedly triggered the download of fake apps, which were pretending to be something that they were clearly not. These apps in question were hiding ads behind the screen where nobody could even think of or even get to see them. The operators of the apps would then sell these fake impressions via programmatic advertising, for the purpose of making a profit. The botnet in question peaked at over four billion fraudulent bid requests per day.
What HUMAN Said In Its Reports Regarding the Ad Fraud Campaign
“This complete loop of ad fraud means they were making money from the fake ad impressions on their own fraudulent, spoofed apps. And what makes matters worse is the level of obfuscation the operators went through to go undetected, a sign of their increased sophistication,” HUMAN in its report stated.
How the Malicious Apps Work
The malicious apps in question could also be downloaded as standalone apps. There were a grand total of 39 such apps, both for iOS and Android ecosystems. The botnet army of PEACHPIT had an estimated peak of 121,000 devices a single day on Android as well as 159,000 devices a day on iOS on the other hand, the researchers stated. The apps in question were reportedly downloaded over 15 million times, in 227 territories around the globe.
MORE RELATED POSTS
- Update All Your Apple Products – Update for iPad, iPhone, Mac and Smartwatch Now Available
- Hackers reportedly steal 56 bitcoins from ATMs
- GitLab Has Reportedly Been Exploited By Threat Actors
- Microsoft Claims Hackers Are Preparing To Disrupt Key US Infrastructure
- UN OHCHR Fellowship Programme 2023 in Switzerland
