Security researchers discovered 10 adware apps in the iOS App Store that were engaging in ad fraud. When downloaded, these apps generated revenue by impersonating legitimate apps and ad impressions.
Adware iOS Apps Are Both Visible and Hidden
According to BleepingComputer, 10 different iOS apps flooded users with advertisements that were both visible and hidden. Together with 75 Android apps, the iOS apps achieved a total of 13 million installations.
Security research firm HUMAN’s Satori Threat Intelligence team discovered the fraudulent adware iOS apps. The firm named the new ad fraud campaign “Scylla.” The team believes Scylla is the third wave of an ad fraud campaign that the firm first discovered in August 2019. The research firm named the first and second wave of the campaign “Poseidon” and Charybdis” respectively. Charybdis, the second wave, was discovered during the latter part of 2020.
Realizing the threat of these apps to users, the Satori team contacted Apple and Google to inform them of the adware apps. Both companies have removed the apps from their respective app stores. However, for iOS users who may have already installed the adware iOS apps on their devices, Apple has not provided details on how to remove them. The research firm recommended that users remove the apps from their iOS devices.
10 Fraudulent Apps You Need to Remove Now
Below are the 10 fraudulent iOS apps:
- Loot the Castle – com.loot.rcastle.fight.battle (id1602634568)
- Run Bridge – com.run.bridge.race (id1584737005)
- Shinning Gun – com.shinning.gun.ios (id1588037078)
- Racing Legend 3D – com.racing.legend.like (id1589579456)
- Rope Runner – com.rope.runner.family (id1614987707)
- Wood Sculptor – com.wood.sculptor.cutter (id1603211466)
- Fire-Wall – com.fire.wall.poptit (id1540542924)
- Ninja Critical Hit – wger.ninjacriticalhit.ios (id1514055403)
- Tony Runs – com.TonyRuns.game
BleepingComputer also noted the difficulty of detecting and reverse engineering fraudulent apps. It advises users to monitor their apps for malicious or unwanted activities by looking for some signs that typically indicate an issue. These include rapid battery drainage and increased internet data usage. Another precautionary measure is to remove apps that users don’t remember installing at all.
Arnold:
This does raise a question about how Apple, or for that matter, other companies vet apps for hosting on their app stores, assuming that many others do so. Both criminal organisations and state actors (often one and the same) continue to advance their craft with ingenious exploits for defeating both detection and security protocols. This puts increasing pressure on Apple to use ever more sophisticated vetting and monitoring protocols to keep our data and the user community safe.
Perhaps it is time for Apple to update the user community on just that, without tipping their hand to the bad guys.