Security researchers have discovered a malware that has been downloaded millions of times. It has appeared in at least 85 Android and iOS apps. It is about invisible advertising and click fraud. Google and Apple have since responded.
Android and iOS: new malware is spreading
Researchers from Human Security have found malware in a whole series of mobile apps that wanted to earn money in an unusual way with click fraud. The method used was called “Scylla”, via which users are bombarded with ads – sometimes without even realizing it.
According to the analysis, the malware was present in at least 75 Android apps, plus “over” ten iOS apps. Together, they are said to have been downloaded over 13 million times, which suggests a fairly successful approach by the fraudsters. Both Google and Apple, as the operators of the app stores, have been informed by Human Security about the apps. They are no longer available, so they cannot cause any additional damage. A large part of the apps are said to have been games.
The most downloaded apps have names like “Super Hero-Save the world!”, “Arrow Coins” and “Parking Master”. These three apps alone were installed around 1.5 million times. The list also includes apps for which the download figures could not be determined (source: Human Security).
Malware apps: Annoying and invisible advertising
If one of the infected apps is installed on the smartphone, users can expect, among other things, advertisements to suddenly pop up on the homescreen. Less annoying, but also harmful, is the invisible advertising in the background. Users do not notice this. The malware simulates clicks on ads in order to earn money.