Android is by far the most popular mobile operating system with over 2.5 billion users. That makes it a prime target for malicious third-parties that want to infect devices across the globe with malware. Most recently, the team at Barracuda Security discovered almost 200 apps that contained either adware or a suspicious combination of device permissions. And now cybersecurity company White Ops has identified 116 apps – with more than 4.6 million downloads between them – it claims are performing ad fraud.
The firm said the apps are leveraging a type of code it nicknamed “Soraka” and a similar variant named “Sogo”. In a nutshell, the code allows the programmes in question to display adverts over an Android device under certain circumstances.
White Ops performed a deep dive into one of the apps in question that remains on the Google Play Store at the time of writing, Best Fortune Explorer. The app seems a tantalising premise – get a glimpse into your future – but the reality is much more frustrating.
The app was noted to leverage a framework called AppsFlyer that’s used for mobile attribution and marketing analytics. According to the security firm, if you download the app through any kind of promotion (such as on a website for example), then intrusive adverts will plague the device in question.
White Ops showed a GIF of the frustrating promotions in action. Best Fortune Explorer was exhibited to be capable of displaying full screen adverts (that last up to 20-seconds in some circumstances) over a user’s home screen.
Android is by far the most popular mobile operating system with over 2.5 billion users
Best Fortune Explorer was shown to display intrusive ads under certain circumstances
Best Fortune Explorer remains on the Google Play Store at the time of writing
All of the apps discovered were noted to demonstrate similar behaviours. The adware being used was noted to be capable of hiding, making it harder to detect by apps designed to root out malware like VirusTotal.
Speaking with Forbes, White Ops’ John Laycock said: “Those hiding behaviours are significant. The fraudsters are getting smarter—they know this is now an arms race, they’re trying to slow down analysis with these tactics. We’re seeing these types of behaviours more and more.”
You only need to take a read of Best Fortune Explorer’s reviews to see that something is seriously wrong with the app. Numerous comments note after installing it their phone has been burdened with annoying adverts.
One Android user said: “Totally useless. After installing, you get so many unnecessary ads. While writing this also, I got 4 ads. This is like a virus for your phone.”
Another wrote: “Don’t download it. You will just time pass. And main problem after download is you will get non-stop adds and adds. Even you cannot get to use anything. And also there is nothing like shown in adds. It is like a virus.”
At the time of writing, Best Fortune Explorer has amassed over 100,000 installs and has an average review rating of three stars.
According to Forbes, Google has been informed of the apps discovered by White Ops. However, it seems some of the 116 programmes remain on the Play Store.
White Ops urged Android fans to remove any of the apps in question if they have them installed and provided the package names for each.
They were listed as being: