Users who recently bought a brand new Apple iPhone 13 during the Flipkart or Amazon sale need to ensure that they haven’t accidentally installed these fraudulent apps or adware on their devices. As far as malicious software goes, adware is generally less dangerous. The biggest inconvenience adware can provide is in the form of unwanted advertisements. Usually, this malicious software runs within a web browser on a computer, but it can also infect smartphones as well.
“Less dangerous” does not mean “harmless,” though, as the adware can still make way for more malicious programs on a device. Earlier in 2022, Red Canary researchers warned about the Chromeloader campaign that began its life as adware but later evolved into an information-stealing malware. VMware even published a technical report to inform users, while Microsoft warned the public via Twitter about the malicious code that was later termed DEV-0796.
Similarly, HUMAN’s Satori Threat Intelligence & Research team explained the details about adware that had executed its third wave of attack, which they’re calling “Scylla.” Its first attack appeared in 2019, and the researchers spotted its second wave in 2020 and named it Charybdis. The adware’s main purpose was to fool in-app advertisers into thinking that a certain shady app is a high-quality CTV-based app like Netflix and then charge more money for every click.
List of iPhone Apps With Adware That Users Need To Uninstall
The apps mentioned in the security researcher’s report have been removed from the Google Play Store and Apple App Store. While Android smartphones will see these apps deleted automatically, provided Google Play Protect is enabled, iPhone owners will need to delete them manually. While researchers found 10 fraudulent apps on the App Store, close to 75 such apps were present on the Google Play Store in comparison.
With tight regulations and a strict hold over the App Store, Apple seems to be more successful in limiting such adware-ridden apps from its digital store. Now, usually, users see an ad before it can be counted as viewed, but these apps mark them as viewed without showcasing them. Additionally, Scylla’s code managed to fake the clicks of a real user as well since, for advertisers, clicks are more important than impressions.
The entire process of tricking advertisers into thinking that a particular app is a different (usually expensive) one is called Bundle ID Spoofing. In a digital world where attracting and retaining user attention is a hard thing to achieve, it was only a matter of time before someone decided to find a devious workaround to this genuine and expensive market need. For future reference, always be on the lookout for apps that stay open in the background, drain your smartphone battery more than normal, and increase data usage. Delete or report them to avoid being part of any future adware campaign.