Android Ad Scam Hijacks Phones; Drains Data, Battery

John Lister's picture

22 Android apps are eating up data allowances to benefit scammers at the expense of phone owners, a security firm says. The apps are using smartphones to carry out fraud against online advertisers.

Sophos says it's found 22 offending apps with a total of two million downloads. They are each described as offering simple games or basic utilities such as keeping the phone's flash activated to act as a flashlight. While they work as described, which helps get good online reviews and build credibility, the scam is happening behind the scenes. (Source: sophos.com)

The apps are used for click fraud, designed to scam advertisers. They work by retrieving, displaying and 'tapping' ads on pages previously set up by the scammers. The phone user never sees this happen, as the pages are displayed in a hidden window that lies underneath whatever's visible on the phone screen.

Advertisers Pay For Bogus Views

Although there's no human being actually seeing the ad, it still racks up the number of clicks and views recorded by the scammer's website. The scammers then get paid a per-view or per-click fee from the advertisers. Usually this works through a third-party ad network such as Google, putting an extra layer of distance between the scammers and the advertisers.

While the phone user isn't financially involved, they still suffer from two negative consequences. One is that the behind-the-scenes process eats up battery life, albeit in a way that's hard to isolate. The other is that the process of retrieving the ads uses up data (providing the user isn't connected to WiFi), which then eats into monthly data allowances. (Source: birminghammail.co.uk)

The apps were configured so that the click fraud was running almost constantly, even when the app itself was closed.

Android Handsets Disguised As iPhones

Rather cheekily, the click fraud sometimes disguised the details of the affected Android handsets and made it look like the ad views and clicks were coming from iPhones. Some advertisers pay more for traffic from Apple users as they believe they have bigger spending power.

Google has now removed the apps in question from the Play Store. Sophos recommends Android users check their phones and remove any of the following they find:

  • AK Blackjack - com.maragona.akblackjack
  • Animal Match - com.beacon.animalmatch
  • Box Stack - com.mobile.boxstack
  • Cliff Diver - com.mobile.cliffdiver
  • Color Tiles - com.maragona.colortiles
  • HexaBlocks - com.atry.hexablocks
  • HexaFall - com.atry.hexafall
  • Jelly Slice - net.kanmobi.jellyslice
  • Join Up - com.pesrepi.joinup
  • Just Flashlight - app.mobile.justflashlight
  • Magnifeye - com.magnifeye.android
  • Math Solver - com.mobilebt.mathsolver
  • Neon Pong - com.pesrepi.neonpong
  • PairZap - com.atry.pairzap
  • Roulette Mania - com.beacon.roulettemania
  • ShapeSorter - com.mobilebt.shapesorter
  • Snake Attack - com.mobilebt.snakefight
  • Space Rocket - com.pesrepi.spacerocket
  • Sparkle FlashLight - com.sparkle.flashlight
  • Table Soccer - com.mobile.tablesoccer
  • Tak A Trip - com.takatrip.android
  • Zombie Killer - com.pesrepi.zombiekiller
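
One way to run that check from a computer with the phone attached over USB debugging, as an added example that is not from Sophos or the original article. It assumes `adb` is installed; the helper names `find_flagged` and `sample_listing` are made up for this sketch, and the sample listing is constructed.

```shell
#!/bin/sh
# Package IDs copied from the list above.
FLAGGED_PACKAGES='com.maragona.akblackjack
com.beacon.animalmatch
com.mobile.boxstack
com.mobile.cliffdiver
com.maragona.colortiles
com.atry.hexablocks
com.atry.hexafall
net.kanmobi.jellyslice
com.pesrepi.joinup
app.mobile.justflashlight
com.magnifeye.android
com.mobilebt.mathsolver
com.pesrepi.neonpong
com.atry.pairzap
com.beacon.roulettemania
com.mobilebt.shapesorter
com.mobilebt.snakefight
com.pesrepi.spacerocket
com.sparkle.flashlight
com.mobile.tablesoccer
com.takatrip.android
com.pesrepi.zombiekiller'

# find_flagged (hypothetical helper): reads `pm list packages` output on
# stdin (one "package:<id>" per line) and prints every installed ID that is
# on the list. Prints nothing when the phone is clean.
find_flagged() {
    # Drop carriage returns some adb versions emit, strip the "package:"
    # prefix, then match whole lines as fixed strings so an unrelated ID
    # that merely starts with a listed one is not reported.
    tr -d '\r' | sed -n 's/^package://p' |
        grep -xF -e "$FLAGGED_PACKAGES" || true
}

# sample_listing (hypothetical helper): constructed listing for a dry run
# without a phone; two of the four entries are on the list.
sample_listing() {
    printf 'package:com.android.chrome\r\n'
    printf 'package:com.mobile.boxstack\r\n'
    printf 'package:com.mobile.boxstack2\n'
    printf 'package:app.mobile.justflashlight\n'
}

# Dry run:          sample_listing | find_flagged
# Against a phone:  adb shell pm list packages | find_flagged
# Remove a hit:     adb uninstall <package-id>
```
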

What's Your Opinion?

What measures do you take to reduce the risk of installing malicious apps? Does Google do enough to check what apps are actually doing? Have you ever noticed unexpectedly high battery or data use on your handset?


Comments

Dennis Faas's picture

I use a free data and wifi firewall called NetGuard, which blocks all apps from using my data allowance (I'm using a pay-as-you-go data plan). I only allow a small number of apps to use my data - the rest are blocked by default. This would have prevented any data overages. NetGuard can also be configured to deny wifi and data for all new apps (by default), though most folks most likely wouldn't want to do that.

It's too bad Google doesn't do more to detect this sort of thing from happening in the first place, though I imagine it would be difficult especially if data is going in and out through an encrypted connection such as a VPN.

buzzallnight's picture

Hi,

Which pay-as-you-go data plan do you use?
Which pay-as-you-go data plan is the best?

Thanks

Buzz

Dennis Faas's picture

I am in Canada and use Koodo Mobile pay as you go - the cost is $15 a month for unlimited texting (which is all I need). Any top up (500 minutes of voice, data, etc.) gets moved onto the next month if I don't use it so I am not continuously paying for voice and data. This is perfect for me since I am always near WiFi and can use that instead of data or voice.