Android users are once again under attack but this latest threat has targeted the popular platform in a whole new way. The attack, which was first spotted by the team at White Ops, used the lure of a gift of free trainers to get users downloading malware-filled apps.
Once installed, the applications silently set about installing phone-clogging adware which was then able to run adverts in the background without the owner ever knowing.
This sneaky trick has the ability to rake in huge sums of money for cyber criminals and because the adverts don’t appear on the screen it’s incredibly hard to spot.
Once told about the issue, Google instantly removed all of the offending apps but not before they’d been installed thousands of times and infected over 65,000 devices in June alone.
The attack, codenamed TERRACOTTA, has been in circulation since last year with Android fans promised that they would receive a new pair of trainers 14-days after installing the app and filling in their details
READ MORE: Android users could DOUBLE their money with little-known Play Store incentive
Of course, the shoes never arrive and all that people are left with is an app which is making money for someone else courtesy of their phone.
As the White Ops team explain, “These apps weren’t really offering free shoes at all and users were left empty-handed (and barefooted).
“Many ‘scam’ apps like these across the internet lure users into installing them under false pretenses, provide no meaningful functionality, and proceed to bombard their users with unwanted and intrusive ads.”
Why this latest attack was so unique was how it avoided detection.
Upon further analysis by the Satori team, it became obvious these apps were a delivery platform for some other functionality, which was lying dormant even beyond the 14-day window of promised shoe delivery. The real free “product” surreptitiously sent to users was a box-fresh payload of ad fraud malware.
The operation of the TERRACOTTA malware is particularly noteworthy for its advanced know-how in pulling off ad fraud plausibly, indicating an experienced operation well-versed in the nuance of ad tech and ad verification.
Google has confirmed that it’s taken the threat seriously and has now removed all the offending apps from its Play Store.
In a statement, the US firm said: “Due to our collaboration with White Ops investigating the TERRACOTTA ad fraud operation, their critical findings helped us connect the case to a previously-found set of mobile apps and to identify additional bad apps. This allowed us to move quickly to protect users, advertisers and the broader ecosystem – when we determine policy violations, we take action.”