Once again, the Android Play Store has made the news due to a security problem. This time, researchers discovered an ad fraud botnet, TERRACOTTA, targeting Android users via malicious apps.
TERRACOTTA Ad Fraud Botnet
The White Ops Satori Threat Intelligence and Research Team caught another wave of malicious apps flooding the Android Play Store. Investigating the matter led them to uncover a dedicated ad fraud botnet behind the apps, TERRACOTTA.
As explained in their blog post, the malicious apps mimicked various apps to trick users. To attract users, the apps offered various free gifts, such as free shoes or even tickets, within 14 days of downloading the app.
During this time, the app would establish itself on the target device, and it would display ads once the incubation period had passed.
While the apps weren’t malicious themselves, they paved the way for the deployment of the payload for the ad fraud.
The researchers have presented a detailed technical analysis of the botnet in a separate report.
Google Removed Some Malicious Apps
Following their report, the Google security team quickly stepped up to spot and remove the malicious apps. Consequently, they have removed an undisclosed number of apps from the Android Play Store.
Below is the statement a Google spokesperson provided to White Ops:
Due to our collaboration with White Ops investigating the TERRACOTTA ad fraud operation, their critical findings helped us connect the case to a previously-found set of mobile apps and to identify additional bad apps. This allowed us to move quickly to protect users, advertisers and the broader ecosystem – when we determine policy violations, we take action.
While Google has removed the apps, those apps might still be running on the victims’ devices. According to the researchers, these apps boasted over 65,000 infected devices.
Hence, users should review their phones for any apps that affect device performance and exhibit malicious behavior, such as excessive battery consumption and intrusive ads. Upon spotting an app exhibiting such behavior, remove it and scan the device with a robust antimalware tool.
Also, users must ensure they download apps from trusted developers only.