These shell companies were reportedly using a front, We Purchase Apps, to buy legitimate apps, available on Google Play Store, from their developers to gain control over 125 apps with combined download of 115 million. Photo: Reuters
These shell companies were reportedly using a front, We Purchase Apps, to buy legitimate apps, available on Google Play Store, from their developers to gain control over 125 apps with combined download of 115 million. Photo: Reuters

Google cracks down on ad fraud targeting 125 Android apps

Cyber criminals behind the ad fraud were using botnets to maintain the appearance of a flourishing app with a growing user base to inflate as revenue

The unprecedented reach of smartphones has made them a major touchpoint for advertisers trying to reach out to more users. Like malware attacks faced by users, advertising and publishers are increasingly harangued by wave of fast evolving ad frauds.

Early this week, US-based news portal BuzzFeed uncovered an ad scam controlled by a network of shell companies located in eastern Europe. They were reportedly using a front, We Purchase Apps, to buy legitimate apps, available on Google Play Store, from their developers to gain control over 125 apps with combined download of 115 million.

These shell companies ran the apps like before so no one would suspect anything, while they carefully analysed the behaviour of the apps’ human users. The data was then used to model a huge network of botnets pretending to be actual users, according to Protected Media, a cybersecurity firm hired by BuzzFeed to investigate the matter. With the army of botnets, they managed to show an inflated number of users to advertisers. They also managed to bypass the fraud detection tools, put in place by advertisers and Google.

In an official blog post Per Bjorke, Product Manager, Ad Traffic Quality, confirmed that the information furnished by the news portal helped them identify the ad scam targeting apps and websites that were monetizing with numerous ad platforms, including Google. “We have removed apps involved in the ad fraud scheme so they can no longer monetize with Google. Further, we have blacklisted additional apps and websites that are outside of our ad network, to ensure that advertisers do not buy any of this traffic," he adds.

According to Israel-based mobile analytics firm AppsFlyer, app install frauds accounted for financial losses of up to $800 million to advertisers in Q1 2018. Android’s larger user base (86%) makes it a bigger cesspool for this new breed of cyber threats. According to Google’s estimates the dollar value of affected Google advertiser spending across the apps and websites that were targeted by the ad fraud was under $10 million.

Bjorke further points out that the reported ad scam was the handiwork of the same group that was behind a web based botnet called TechSnab, which has been on Google’s radar for some time. TechSnab operates by opening hidden web browser windows to visit a series of websites created specifically for the purpose. The botnet used tools to cloak IP address.

The ad fraud also poses a major privacy risk for users, whose behaviour was being monitored. The apps that were targeted by the fraudsters offered services such as VPN (virtual private network), call blocker, restaurant finder, traffic updates and video editing.

Using botnets to manipulate numbers has been reported on Twitter as well, but with entirely different objective. In July 2018, the microblogging platform started removing all accounts locked for suspicious activities, such as bulk tweeting and posting large number of unsolicited replies, from showing in the follower counts across profiles. It was found that the Twitter accounts of millions of users were controlled by bots which were being bought by politicians and celebrities to influence public opinion.

Close