"Researchers Disrupt Fraudulent Apps in Apple App Store and Google Play"

Human Security Inc. researchers recently announced that they thwarted a sophisticated advertising fraud operation that distributed apps on both the Google Play Store and Apple App Store. The "Scylla" campaign involves using mobile applications that appear to be legitimate apps to trick users into downloading them. The apps contained hidden advertisements, which they rendered in places where the user could not see them and generated fake clicks. The apps also tracked real ad clicks in order to fake additional clicks later. Fake apps with malware or adware are not new, but the majority of them do not make it onto the main two app stores. The researchers discovered 80 Scylla-infected apps on Google Play Store and nine apps on the Apple App Store that had been downloaded more than 13 million times. The Human Security researchers collaborated with Google and Apple to ensure the apps linked to the Scylla operation were removed. The researchers also collaborated with advertising Software Development Kit (SDK) developers to lessen the impact of the operation on their processes and advertising partners. Although the Scylla apps have been removed from the main app stores, the campaign continues, with those behind it distributing infected apps through smaller, third-party app stores. These tactics, combined with the obfuscation techniques first seen in the Charybdis operation, demonstrate the threat actors' increased sophistication. This article continues to discuss the malicious Scylla campaign distributing apps on the Google Play Store and Apple App Store. 

SiliconANGLE reports "Researchers Disrupt Fraudulent Apps in Apple App Store and Google Play"