Skip to main content

App Store hosted 10 ad fraud apps compared to 75 on Google Play Store

Security researchers discovered 85 apps engaged in ad fraud; ten are on the App Store, and the other 75 are on Google Play. Combined, people downloaded them over 13 million times. They’re part of a new ad fraud campaign named “Scylla.”

The information comes from Bleeping Computer. According to the publication, researchers from HUMAN’s Satori Threat Intelligence team found 85 apps available on the App Store and Google Play that flood mobile users with ads – both visible and hidden – or generate revenue by “impersonating legitimate apps and impressions.”

The analysts believe Scylla is the third wave of an operation they found in August 2019 and dubbed ‘Poseidon’. The second wave, apparently from the same threat actor, was called ‘Charybdis’ and culminated towards the end of 2020.

Here are the ten apps found on the iOS App Store that offered adware:

  • Loot the Castle – com.loot.rcastle.fight.battle (id1602634568)
  • Run Bridge – com.run.bridge.race (id1584737005)
  • Shinning Gun – com.shinning.gun.ios (id1588037078)
  • Racing Legend 3D – com.racing.legend.like (id1589579456)
  • Rope Runner – com.rope.runner.family (id1614987707)
  • Wood Sculptor – com.wood.sculptor.cutter (id1603211466)
  • Fire-Wall – com.fire.wall.poptit (id1540542924)
  • Ninja Critical Hit – wger.ninjacriticalhit.ios (id1514055403)
  • Tony Runs – com.TonyRuns.game

According to Bleeping Computer, Satori researchers informed Apple and Google about these apps, and they have been removed from the App Store and Google Play. If by any chance you downloaded one of the apps, the best way to remove the adware is to simply erase the app from your device.

The publication explained a bit more about this malware, which, different from other kinds of viruses, is not exactly harmful to your device – since it only shows you ads – although it can be a door for other malware to infect your phone.

The Scylla apps typically used a bundle ID that doesn’t match their publication name, to make it appear to the advertisers as if the ad clicks/impressions come from a more profitable software category.

HUMAN’s researchers found that 29 Scylla apps imitated up to 6,000 CTV-based apps and regularly cycled through the IDs to evade fraud detection.

You can learn more about these scam apps making its way to the App Store and how these waves of invasion have been occuring for the past three years here.

Read more:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications