The presence of infected games and apps that cost innocent users money and data is not a new phenomenon. However, it is indeed surprising that a firm that promises to fight app piracy is itself involved in this horrendous act.
According to the latest research from Oracle, there is a new ad fraud campaign that is costing users huge sums of money annually through data bills, and the perpetrator behind this campaign is Tapcore.
The campaign is being circulated across the web through infected Android apps and games. Researchers at Oracle have named the scheme DrainerBot and claim it is an “ad fraud operation” of massive scope and scale, as the games and apps have already been downloaded ten million times.
Tapcore, for your information, is a Netherlands-based firm that helps developers identify pirated apps and informs them about ways to earn revenue from bootleg copies of legit apps/games through ad popups.
Tapcore’s website states that the company is currently serving around 150 million ad impressions on a daily basis and has worked on over 3,000 applications so far. It has worked on the pirated versions of apps like Draw Clash of Clans, Perfect 365, Solitaire: Season 4, VertexClub, and many others.
Oracle researchers identified that Tapcore has embedded a Trojan in its anti-piracy code that generates inauthentic websites on mobile devices to trick ad-serving platforms into paying the company despite its not having an ad inventory. This particular code, explains Kyle York, VP of product strategy, Oracle Cloud Infrastructure, is constantly delivering invisible video ads to deceive domains.
“Mobile devices are a prime target with a number of potential infection vectors, which are growing increasingly complicated, interconnected, and global in nature,” said Kyle. “The discovery of the DrainerBot operation highlights the benefit of taking a multi-pronged approach to identifying digital ad fraud by combining multiple cloud technologies. Bottom line is both individuals and organizations need to pay close attention to what applications are running on their devices and who wrote them.”
To benefit from this ad fraud scheme, an app developer has to sign up with Tapcore, which then gives the developer code that has to be embedded into the app’s software. When a user downloads that app, within a few hours or sometimes days, the code self-updates and new functions are added. Through a method called side-loading, the device is converted into a fake ad generator. The app secretly requests digital ads by generating fake mobile websites in the browser.
York further explained that there are three key victims of this fraud campaign. The first one is the advertiser who is buying the ad that isn’t actually appearing, the second one is the publisher whose domain name is being illegally used to make the ad appear on the webpage, and the third victim, naturally, is the user of the app.
Reportedly, a single infected app is capable of leaking 10GB of data in just a month, and just 1GB can cost the user $15 per month or quickly drain a charged battery, even if the infected app is not in use or in sleep mode. However, the researchers, who were able to identify this campaign with the team from Moat and Dyn, couldn’t assess exactly how much money has been generated as of now.
Tapcore’s spokesperson has denied that the company is involved in this ad fraud campaign and claims that it is in contact with Oracle to learn more about their findings.
“We are very concerned about Oracle’s statement. At the moment we are trying to find out the details and investigate the causes and circumstances that led to Tapcore being involved in this situation. We have always been on the frontlines in the fight against mobile ad fraud and vow to fully investigate the claims and ensure the facts are brought to light. We hope Oracle will make appropriate changes to their statement once we can prove we are not the reason for the fraud activity they’re referring to,” said Tapcore’s spokesperson.