There are more and more people who doubt the different capabilities of the smartphone. Indeed, can he hear us? Can he see us without our knowledge? Can he take some of our personal information without us knowing? Well, actually the answer is no. Smartphones do not have this skill. However, some applications can, without our knowledge, spy on our daily lives or even use our personal data. Indeed, the computer security researchers from Human Security managed to unearth a total of 89 apps. hiding apps and malware (adware) on Play Store and App Store. It would seem that iPhones, as well as Android phones are involved in this problem. Therefore, the experts have identified 80 Android apps on the Play Store et 9 applications iOS on the App Store. We tell you everything!
Apps offered by scammers
The researchers were keen to explain the process. The applications concerned have been put online as part of an operation. This unofficial operation is called Scylla and aims to generate significant ad revenue quickly and without disturbing users who might uninstall the app. Indeed, to succeed in generating these large amounts, cybercriminals must use malware. This software comes to invade the user’s screen with advertisements. However, advertisements can pop up at any time, whether during use or even when the screen is locked.
This is a rather aggressive strategy. However, it remains essential for technique of these scammers. « Every fraud scheme is a race once morest the clock for malicious actors: fraudsters have a limited time to reap enough profits and recoup development and deployment costs first “, specify the researchers.
Ad Fraud on Play Store and App Store
This ad fraud attack has been evolving since 2019, according to Human Security. The researchers decided to name this fraud Poseidon. Thereby, an adware malware has managed to slip into the code of many Android apps from the Play Store. In a bid to get into the apps, the malefactors flooded the victims with advertisements without their knowledge. Several fraud techniques are used to reach a level practically imperceptible. First, the developers manage to manipulate advertisers. And this, by passing off their applications as legitimate and very popular solutions. The survey explains that malicious actors code their apps to pretend to be other apps”.
Once the victims fall into the trap, they show the ads when “ the user cannot see them”. As a result, advertisements appear when the screen is locked, for example. Sometimes ads are broadcast invisibly in the background of an application. An obvious waste of time for advertisers. These ads, displayed without the knowledge of the victim, are still counted in the results of the applications. Thus, thanks to these false results, the criminals perceive significant income.
The list of Android and iOS applications
During the investigation conducted by Human Security, researchers were able to discover that certain applications were hiding adware. These criminals have succeeded in accumulating over 13 million installs. So many victims who did not even know they were affected by this fraud. And this, knowing that the majority of advertisements pass as soon as the screen is in standby.
It should be noted that the two application stores, the App Store and the Play Store, promptly banned the applications. It is therefore impossible to install them now. However, it is still necessary to check that they are not on your smartphones. And this, whether you have un smartphone Apple ou Android.
The 9 iOS apps
The researchers therefore found 9 applications on the brand’s processor Apple, iOS. The applications to uninstall as soon as possible are as follows. Loot the Castle, Run Bridge, Shinning Gun and Racing Legend 3D. As well as Rope Runner, Wood Sculptor, Fire-Wall, Ninja Critical Hit and finally Tony Runs.
There are 80 of them on the Play Store
The first 20 apps
The Play Store seems much more affected by adware. Actually 80 applications are therefore involved in the fraud. Avec Super Hero-Save the world !, Arrow Coins, Parking Master, Lady Run et Magic Brush 3D. Ainsi que Shake Shake Sheep, Number Combination: Colored Chips, Jackpot Scratcher-Win Real, Scratch Carnival et Ztime : Earn cash rewards easily. Ou encore Billionaire Scratch, Lucky Wings – Lotto Scratcher, Lucky Star: Lotto Scratch, Shake Shake Pig et Lucky Money Tree. Et Run And Dance, Lucky Scratchers: Lotto Card, Pull Worm, Crowd Battle:Fight the bad guys et Shoot Dummy – Win Rewards & Paypal Cash. Ces applications ne représentent que 20 des 80 applications Android touchés.
The next 40
Il y a également Spot 10 Differences, Find 5 Differences – New, Dinosaur Legend, One Line Drawing et Shoot Master. Ou encore Talent Trap – NEW, shoot it: Using Gun, Super Flake, Five-Star Slice et Sand Drawing. De plus, Mr Dinosaur: Play your Dino, Track Sliding New, Beat Kicker New, Fill Color 3D et Draw Live. Ainsi que Draw 1 Stroke, Fidget Cubes, Girls Fight, Ninja Assassin et Shooting Puzzle 2020. Toutefois, the list is far from over. There are also Pulley Parkour, Chop Flake 3D, Weapon Fantasy, Balloon Shooter and Musical Shoot. Or Chop Slices, Ninja Slice, Work Now!, Bottle Jump and Corn Scraper. Other apps like Idle Wood Maker, Pop Girls Schooler, Romy Rush, Spear Hero and Dig Road Balls. Or even BOO Popstar, Draw Complete, Rush 2048:3D Shoot Cubes, Meet Camera and Auto Stamp Camera.
The last 20 applications affected by the adware
We can finally see the end of the list of affected applications by this fraudulent transaction. Indeed, the last 20 to uninstall as soon as possible are: Find Five Differences, MUFC, Roll Turn, Hidind Draw and Peter Shoot. As well as Design n Road, Draw Complete, Thief King, Downhill Race and Draw a War. Additionally, Rescue Master, Spin:Letter Roll, Helicopter Attack – NEW, Crush Car, and Relx cash are at risk. And finally, the last five apps to uninstall are War in Painting, Bike Extreme Racing, Player Spiral Maker 3D, Match 3 Tiles and 2048 Merge Cube – Win Cash.