SoylentNews

Over 100 Android Apps Used 'Soraka' Package to Perform Ad Fraud

posted by janrinok on Wednesday January 01 2020, @12:57PM   
from the click-bait dept.

upstart writes in with an IRC submission for Anonymous_Coward:

Over 100 Android Apps Used 'Soraka' Package to Perform Ad Fraud:

Researchers identified more than 100 apps that used a common code package named “Soraka” to perform ad fraud on users’ Android devices.

The White Ops Threat Intelligence team observed that many of the apps did not have a suspicious reputation at the time of discovery. For instance, the “Best Fortune Explorer” registered no red flags with anti-virus engines on VirusTotal when White Ops Threat Intelligence published its research. The app had already received 170,000 downloads by that time, and it was still available for download on Google’s Play Store.

Together, all of the 100+ malicious Android apps registered 4.6 million downloads.

In its analysis, the White Ops Threat Intelligence team found that the apps relied on a framework called AppsFlyer to watch for inorganic installations attributed to fraudsters’ promotional efforts. The apps displayed fraudulent ads only when where there was an inorganic installation. In those cases, the apps used their underlying Soraka code to determine what to run based upon several triggers.

According to the White Ops Threat Intelligence team, there’s a likely explanation for this use of AppsFlyer. As the researchers explain in a blog post:

The filtering is likely a mechanism to avoid detection from automated analysis and other services that would install the app ad-hoc and then, most likely, be considered as organic by AppsFlyer. This mechanism also allows fine-grain control of who (or what) receives the ad fraud, using the controls of ad serving platforms. The apps render out-of-context ads when the filter conditions are appropriate.

---

Original Submission

• ad fraud is a public service ad fraud is a public service (Score: 5, Touché) by Runaway1956 on Wednesday January 01 2020, @02:27PM (2 children)

  by Runaway1956 (2926) on Wednesday January 01 2020, @02:27PM (#938196) Journal

  Anyone who rips off the advertisers and other snoops is doing us all a favor.

  Starting Score:	1		point
  Moderation		+3
  Funny=1, Touché=2, Total=3
  Extra 'Touché' Modifier		0
  Karma-Bonus Modifier		+1
  Total Score:		5

• Re:ad fraud is a public service Re:ad fraud is a public service (Score: 3, Insightful) by RandomFactor on Wednesday January 01 2020, @04:39PM (1 child)

  by RandomFactor (3682) on Wednesday January 01 2020, @04:39PM (#938267) Journal

  This isn't just replacing one set of ads with another or changing the affiliate that gets credit. That wouldn't affect the user experience significantly, and you can make the case that there is benefit to destroying the ridiculously intrusive and disrespectful-of-our-time ad-serving ecosystem.
   
  This is not that.
   
  It is basically the equivalent of aggressive full screen browser pop-ups on your phone.
   
  You unlock your phone, your screen is taken over by an ad. You minimize that ad, ANOTHER full screen ad takes over. Close that one down, a bit later another pops up randomly.
  You delete the app, it uses persistence mechanisms to come back and do it again later.

  --
  В «Правде» нет известий, в «Известиях» нет правды

  Parent

  • Re:ad fraud is a public service (Score: 3, Informative) by Anonymous Coward on Wednesday January 01 2020, @06:37PM

    by Anonymous Coward on Wednesday January 01 2020, @06:37PM (#938315)

    ... and thus it makes everyone pissed off at advertisement and lowers people acceptance for it, just like it should be.
    Seriously, the pervasiveness of ads is madness these days. Somehow, people have taken the perpetual beatings by ads as "just par for the course". This is not normal!

    Parent