Search engine Google has been steadily increasing the security to block fraudulent Android apps entering the Play store. It has even formed an alliance with top security firms to detect those bad apps.
The White Ops Satori Threat Intelligence and Research team have discovered close to 5,000 spoofed apps of performing TERRACOTTA ad fraud operations on 65,000 phones. Apparently, they offer baits such as free subscription, discounts on products, concert tickets, shoes, and other freebies to the victims in return for installing their apps. However, the apps never fulfill the promises and did illegal activities.
Once installed, the apps did not perform as advertised and apparently modified APK code to avoid detection from the security system of the Android phone and flood the screen with ads. In June 2020 alone, they posted more than two billion ads to earn revenue on viewer impressions. This is an act of fraud, as both the phone users and the product companies were hoodwinked.
White Ops team detected the TERRACOTTA malware code and its hidden functionality in a file named index.android.bundle within the resources directory of the app. The information was duly forwarded to Google and the latter, without any delay removed the apps.
The search engine company is expected to do further review of apps in the Play store and remove more such malicious applications in the coming days.
“Due to our collaboration with White Ops investigating the TERRACOTTA ad fraud operation, their critical findings helped us connect the case to a previously found set of mobile apps and to identify additional bad apps. This allowed us to move quickly to protect users, advertisers, and the broader ecosystem – when we determine policy violations, we take action,” Google spokesperson said.