Android Ad Scam Hijacks Phones; Drains Data, Battery
by John Lister, InfoPackets.com
December 13, 2018

22 Android apps are eating up data allowances to benefit scammers at the expense of phone owners, a security firm says. The apps are using smartphones to carry out fraud against online advertisers.

Sophos says it's found 22 offending apps with a total of two million downloads. They are each described as offering simple games or basic utilities such as keeping the phone's flash activated to act as a flashlight. While they work as described, which helps get good online reviews and build credibility, the scam is happening behind the scenes. (Source: sophos.com)

The apps are used for click fraud, designed to scam advertisers. They work by retrieving, displaying and 'tapping' ads on pages that were previously set up by the scammers. The phone user never sees this happen, as the pages are displayed in a hidden window that lies underneath whatever's visible on the phone screen.

Advertisers Pay For Bogus Views
Although there's no human being actually seeing the ad, it still racks up the number of clicks and views recorded by the scammer's website. The scammers then get paid a per-view or per-click fee by the advertisers. Usually this works through a third-party ad network such as Google, putting an extra layer of distance between the scammers and the advertisers.

While the phone user isn't financially involved, they still suffer from two negative consequences. One is that the behind-the-scenes process eats up battery life, albeit in a way that's hard to isolate. The other is that the process of retrieving the ads uses up data (provided the user isn't connected to WiFi), which then eats into monthly data allowances. (Source: birminghammail.co.uk)

The apps were configured so that the click fraud was running almost constantly, even when the app itself was closed.

Android Handsets Disguised As iPhones
Rather cheekily, the click fraud sometimes disguised the details of the affected Android handsets and made it look like the ad views and clicks were coming from iPhones. Some advertisers pay more for traffic from Apple users as they believe they have bigger spending power.

Google has now removed the apps in question from the Play Store. Sophos recommends Android users check their phones and remove any of the following they find:

  • AK Blackjack - com.maragona.akblackjack
  • Animal Match - com.beacon.animalmatch
  • Box Stack - com.mobile.boxstack
  • Cliff Diver - com.mobile.cliffdiver
  • Color Tiles - com.maragona.colortiles
  • HexaBlocks - com.atry.hexablocks
  • HexaFall - com.atry.hexafall
  • Jelly Slice - net.kanmobi.jellyslice
  • Join Up - com.pesrepi.joinup
  • Just Flashlight - app.mobile.justflashlight
  • Magnifeye - com.magnifeye.android
  • Math Solver - com.mobilebt.mathsolver
  • Neon Pong - com.pesrepi.neonpong
  • PairZap - com.atry.pairzap
  • Roulette Mania - com.beacon.roulettemania
  • ShapeSorter - com.mobilebt.shapesorter
  • Snake Attack - com.mobilebt.snakefight
  • Space Rocket - com.pesrepi.spacerocket
  • Sparkle FlashLight - com.sparkle.flashlight
  • Table Soccer - com.mobile.tablesoccer
  • Tak A Trip - com.takatrip.android
  • Zombie Killer - com.pesrepi.zombiekiller
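
One way to run that check across a device or a fleet, as an added example that is not from Sophos or the original article: the script below matches the output of `adb shell pm list packages` against the package IDs listed above. The function names and the sample output are constructed for illustration, and `scan_device()` assumes `adb` is installed with a device attached.

```python
import subprocess

# App name by package ID, copied from the list above.
FLAGGED = {
    "com.maragona.akblackjack": "AK Blackjack", "com.beacon.animalmatch": "Animal Match",
    "com.mobile.boxstack": "Box Stack", "com.mobile.cliffdiver": "Cliff Diver",
    "com.maragona.colortiles": "Color Tiles", "com.atry.hexablocks": "HexaBlocks",
    "com.atry.hexafall": "HexaFall", "net.kanmobi.jellyslice": "Jelly Slice",
    "com.pesrepi.joinup": "Join Up", "app.mobile.justflashlight": "Just Flashlight",
    "com.magnifeye.android": "Magnifeye", "com.mobilebt.mathsolver": "Math Solver",
    "com.pesrepi.neonpong": "Neon Pong", "com.atry.pairzap": "PairZap",
    "com.beacon.roulettemania": "Roulette Mania", "com.mobilebt.shapesorter": "ShapeSorter",
    "com.mobilebt.snakefight": "Snake Attack", "com.pesrepi.spacerocket": "Space Rocket",
    "com.sparkle.flashlight": "Sparkle FlashLight", "com.mobile.tablesoccer": "Table Soccer",
    "com.takatrip.android": "Tak A Trip", "com.pesrepi.zombiekiller": "Zombie Killer",
}

def parse_pm_list(output):
    """Extract package IDs from `pm list packages` output (plain or -f form)."""
    pkgs = set()
    for line in output.splitlines():  # splitlines() also copes with CRLF endings
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip warnings and blank lines
        entry = line[len("package:"):]
        # -f form is path=ID; the APK path may itself contain '=', so split on the last one
        pkgs.add(entry.rsplit("=", 1)[-1])
    return pkgs

def find_flagged(output):
    """Return sorted (app name, package ID) pairs; exact ID match only."""
    return sorted((FLAGGED[p], p) for p in parse_pm_list(output) if p in FLAGGED)

def scan_device():
    """Query the attached device (assumes adb is on PATH and a device is connected)."""
    cmd = ["adb", "shell", "pm", "list", "packages"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return find_flagged(out)

# Constructed sample output mixing plain lines, a -f line, CRLF and a near-miss ID.
SAMPLE = ("package:com.android.chrome\r\n"
          "package:/data/app/~~Qx1==/com.pesrepi.neonpong-Zz9==/base.apk=com.pesrepi.neonpong\r\n"
          "package:com.mobile.boxstack2\n"
          "WARNING: constructed noise line\n"
          "package:app.mobile.justflashlight\n")

if __name__ == "__main__":
    for name, pkg in find_flagged(SAMPLE):
        print(f"{name} ({pkg}) is installed; remove with: adb uninstall {pkg}")
```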