
A massive mobile ad-fraud operation, involving hundreds of malware-laden Android apps, has been uncovered by Oracle.
The scheme, “DrainerBot,” involved serving ads that were invisible to users, but that burned through their data allotments and depleted their batteries. The affected apps -- including popular ones like “Perfect365” and “Draw Clash of Clans” -- have been downloaded more than 10 million times.
The apps contained malicious software development tools that were apparently distributed by the company Tapcore, according to Oracle.
Tapcore boasts it can help developers monetize apps that users have either pirated or obtained from unauthorized sources. The company says its software tools are in more than 3,000 apps.
While Tapcore is based in the Netherlands, many company executives and employees are located in Russia, Latvia and the Ukraine, according to Tapcore's LinkedIn page.
Tapcore's code loads mobile video ads that are invisible to users on their phones, according to Oracle. The ads appear on spoofed domains, but the app tells the ad network that the video ads appeared on legitimate sites.
Some people who downloaded the apps realized they consumed large amounts of data -- although users didn't necessarily know why. Last September, one person who reviewed Perfect365 -- an app that offers makeup tools -- wrote that it “goes insane periodically and eats through ton of data in the background.”
The app developers may not have been aware of the nature of Tapcore's software, according to Chris Tsoufakis, senior director of software engineering at Oracle. “From what we can observe, it's definitely possible that the developers in this case are victims,” he says.
Tapcore's website says the company will launch software for Apple devices this quarter. So far, Oracle researchers have only seen the malicious code on Android apps.
DrainerBot was discovered after an investigation by Oracle's technology teams from its Moat and Dyn acquisitions. The company first learned of the scheme last summer through a routine investigation, according to Tsoufakis.
Oracle estimates that the scheme could have cost consumers more than $100 a year in extra data charges, depending on their mobile plans. The company hasn't estimated how much the operation could have cost advertisers.
The news comes as the prevalence of mobile ad fraud appears to be increasing. Late last year, BuzzFeed News published an investigation into a separate mobile fraud scheme involving more than 125 Android apps that were downloaded more than 115 million times.
Oracle has posted more information about the scheme at info.moat.com/drainerbot.
The ad industry's Trustworthy Accountability Group will brief its members on Friday about the scheme and potential steps to combat it.