Hackers used malware to hack Android devices to create an Android ad fraud botnet called ‘Pareto’ that mimicked millions of connected TV products to generate fake ad views.
Cybersecurity firm Human Security, previously White Ops, has uncovered and disrupted a highly sophisticated botnet-based fraud operation in which hackers managed to infect over one million Android mobile devices to steal revenues from advertisers.
Dubbed Pareto CTV botnet; the compromised devices were used to conduct fraud via the TV advertising ecosystem in which malware mimicking millions of TV products was inserted in android devices to generate fake ad views.
According to researchers, the botnet utilized dozens of mobile applications to spoof/impersonate over 6,000 CTV apps, which provided at least 650 million ad requests daily.
Mobile Botnet First Discovered in 2020
Human Security’s Satori Threat Intelligence and Research Team first uncovered the mobile botnet in 2020 and partnered with Google, Roku, and others to disrupt the ad-fraud operation.
The botnet spoofed signals in malicious Android mobile apps to target consumer TV streaming products that run on Roku OS, Fire OS, tvOS, and other popular CTV platforms. It benefitted from the digital shifts that the coronavirus pandemic accelerated to trick advertisers and tech startups into believing that ads were being aired on TV.
According to Human Security, Pareto operators have employed sophisticated evasion techniques as they have continually changed their spoofing styles to create new disguises for fake traffic.
36 Roku Apps Connected to Botnet Operators’ Server
Researchers explained that they have identified a distinct but connected operation on the Roku platform as around 36 apps on Roku Channel Store were found to be receiving instructions from the server that was “operating nodes in the Pareto botnet.’ This C&C server sent instructions to all the infected phones, and the devices then carried out other malicious activities.
“These Roku apps, in a similar fashion to the Android-based Pareto apps, were spoofing other smart TV and consumer streaming products,” researchers said in a blog post.
Android Apps Transformed devices into Smart TVs
In their report, Human Security researchers claim that they found 29 Android apps, most of which were available on Google’s official Play Store, made infected devices appear smart TVs hence tricking ad providers into believing that the ad views were authentic. In reality, this wasn’t the case. These benign apps contained a software development kit, which generates the faked ad views.
Just a couple of days ago, researchers found malware-infected apps on Play Store that had more than 750,000 installs. Therefore, if you are an Android user it is advised to avoid downloading apps from third-party stores and refrain from downloading unnecessary apps from Google Play Store.
Although the store is home to millions of apps, Google clearly lacks at securing it. Additionally, keep your device updated and scan it regularly with reliable anti-malware software.