A massive mobile ad-fraud operation, involving hundreds of malware-laden Android apps, has been uncovered by Oracle.
The scheme, “DrainerBot,” involved serving ads that were invisible to users, but that burned through their data allotments and depleted their batteries. The affected apps — including popular ones like “Perfect365” and “Draw Clash of Clans” — have been downloaded more than 10 million times.
The apps contained malicious software development tools that were apparently distributed by the company Tapcore, according to Oracle.
Tapcore boasts it can help developers monetize apps that users have either pirated or obtained from unauthorized sources. The company says its software tools are in more than 3,000 apps.
While Tapcore is based in the Netherlands, many company executives and employees are located in Russia, Latvia and the Ukraine, according to Tapcore’s LinkedIn page.
Tapcore’s code loads mobile video ads that are invisible to users on their phones, according to Oracle. The ads appear on spoofed domains, but the app tells the ad network that the video ads appeared on legitimate sites.
Some people who downloaded the apps realized they consumed large amounts of data — although users didn’t necessarily know why. Last September, one person who reviewed Perfect365 — an app that offers makeup tools — wrote that it “goes insane periodically and eats through ton of data in the background.”
The app developers may not have been aware of the nature of Tapcore’s software, according to Chris Tsoufakis, senior director of software engineering at Oracle. “From what we can observe, it’s definitely possible that the developers in this case are victims,” he says.
Tapcore’s website says…