Google has removed a number of apps from the Play Store after researchers reported the apps’ malicious nature. These Android apps promised users free gifts like shoes and tickets but instead installed an ad fraud botnet on their devices.
These apps were discovered by the White Ops Satori Threat Intelligence & Research team. The team codenamed the botnet TERRACOTTA and revealed the technical aspects of the campaign.
The TERRACOTTA malware was offering Android users “free goods in exchange for downloading the app.” While users never received these freebies, the malware got activated as soon as the app was installed. TERRACOTTA then used the smartphone to “generate non-human advertising impressions purporting to be ads shown in legitimate Android apps.”
According to the research team, the malware had generated “more than two billion fraudulent bid requests, infected upwards of 65,000 unwitting devices, and spoofed more than 5,000 apps” in only a week in June of 2020.
These apps had varying titles, like ‘Free Boots’ or ‘Get Free Sneakers.’ Moreover, what lured in many users were the glowing 5-star ratings on these apps. The ratings were accompanied by good reviews that praised the apps and the great shoe collection.
Scrolling further through the reviews, however, many comments from Android users pop up in which users voice their agitation at not receiving their new shoes weeks after installing the app. The apps would ask users to keep the app installed for two weeks before they would get their prizes.
A spokesperson from Google also spoke about the collaboration. The spokesperson said that White Ops’ “critical findings” helped them “connect the case to a previously found set of mobile apps and identify additional bad apps.”