Secure-D, an anti-fraud organisation that detects and blocks mobile ad fraud, has released a report on mobile ad fraud and its impacts on users. Part of the report explains how malware designed for mobile ad fraud works on our smartphones.
Distribution
The initial stage of mobile ad fraud is distribution. This is when fraudsters trick users into installing an infected application on their phone. Secure-D claims the best way to do this is usually by making an app that looks authentic:
For example, a weather app may do exactly what it claims and at the same time run malicious activity that remains undetected in the background
Secure-D
The malicious app is then distributed on platforms such as the Google Play Store, which (Secure-D claims) hosts 32 of the 100 most malicious apps. Malicious apps are also distributed through third-party app stores.
Cybercriminals also target the tools that developers use to create the apps themselves, which allows “malicious code to become integrated into multiple, otherwise legitimate, third-party apps”.
Permissions
Whilst permissions are meant to protect users by giving them control over which information apps can access on the phone, they can also be used by cybercriminals to carry out their attacks.
Because users don’t always pay attention to what permissions they give to apps, sometimes they end up giving infected apps access to too much information.
Malware gets into action
Once the malware is installed on a device, that device becomes part of a botnet (robot network) of infected devices. At this stage, it can be controlled by a bot-herder.
In the case of mobile ad fraud, the malicious application can visit websites, click on banner ads and simulate a real person going through a subscription process. It can even override a two-step authentication process. The goal, in any case, is for fraudsters to claim pay-outs from advertisers for bogus traffic.
Lying low
The report claims that the trickiest aspect of mobile malware is that it will continue operating “without raising suspicions”. How is this achieved?
- The app continues functioning well even while the malware is running in the background.
- The malware ensures that excessive battery drain doesn’t occur.
- Some apps disappear from the homepage/app drawer of the device after being installed, making it less likely that a user knows that’s the app causing problems.