The ad revenue business depends on automated processes for buying and selling advertisements, which pay out on the basis of views and clicks. But this system is also vulnerable to abuse, and that is exactly what happened.
On Tuesday, BuzzFeed News exposed an ad fraud scheme in which cybercriminals used more than 125 Android apps and websites to track and mimic user behavior. The scheme was used to generate millions of dollars through ad views and clicks.
Google explained in a blog post how the botnet, termed “TechSnab”, inflates ad revenue by deploying bots to visit web pages. It showed ads to bots in an invisible window, creating fake traffic mixed in with the real traffic.
A front company called “We Purchase Apps” would buy legitimate apps from developers and transfer ownership to a network of shell companies located in Cyprus, Malta, the British Virgin Islands, Croatia, Bulgaria, and other places.
The masterminds of the ad fraud network kept an eye on popular apps and quickly brought them into their network. Once acquired, the apps were kept well maintained to keep the real users happy.
These purchased apps were used to train bots to monitor user behaviour and act like humans. This is how the scheme evaded various fraud prevention tools, allowing the operators to make millions of dollars secretly.
According to Google, it “operates by creating hidden browser windows that visit web pages to inflate ad revenue. The malware contains common IP-based cloaking, data obfuscation, and anti-analysis defenses.”
The affected apps include popular ones, ranging from games to utility apps such as smartphone flashlights and nutrition apps. Many of the implicated apps were made specifically for children.