Advertising hijacking made by Invisible rogue mobile apps are wasting petabytes of data a day

Mobile Malware is growing and crooks are targeting the advertising industry to redirect users to ad pages in a sort of Advertising hijacking.

Mobile Malware is growing and crooks are targeting the advertising industry with malicious codes able to redirect users to ad pages, this practice is known as Advertising hijacking. These “rogue mobile apps” are wasting petabytes of data a day, and some researchers estimated that the phenomena are inflicting US$1 billion in damages this year.

It has been estimated that 5000 malicious mobile applications (IOS + Android) are presenting ads, with the scheme of hiding the ad and reload it without the user’s knowledge, even if the users is not using the mobile application, generating revenues for fraudsters. This scheme is effective mainly because it simulates the human interaction.

Mike Andrews, Antoni Kolev, David Sendroff, and Matt Vella, researchers from New York outfit Forensiq explained that the “rogue mobile apps” are generating 20 ads per minute (700 per hour), a legitimate app that serves some ads generates one ad every 1 minute.

So many ads are generating much traffic per day in mobile devices, and it’s affecting around 15% of the apps in the market.

 “Fraudulent apps were observed selling traffic through most major ad exchanges and networks. These apps would establish on average 1100 connections per minute and communicate with 320 ad networks, ad servers, exchanges and data providers in the course of an hour,” states the report published by the researchers.

 “Based on the traffic we observed, we estimate that mobile device hijacking will cost advertisers more than $857 million in 2015 … we project that the annual impact of in-app fraud will surpass the $1 billion mark globally in 2015.”

The financial impact to advertisers is huge, instead of advertising their product the rogue applications, they are hijacking the mobile devices causing losses in the business. The experts estimate that advertisers in iOS will lose $363 million, for Android losses are $480 million, and for Windows Mobile $14 million.

The study revealed that antivirus solutions are unable to detect this advertising hijacking technique.

“Forensiq analyzed ad traffic from thousands of apps available on Google Play, Apple’s App Store as well as third party app marketplaces. We observed fraudulent apps operating on both Android and iOS platforms.”

Based on the results of the analysis, they concluded that 13.3% of mobile app inventory and 14.6% of mobile apps exhibiting high levels of risk.

 

Let’s close the post with a note, it is expected that within 2016 the number of these type of applications will continue to grow, and the mobile advertising will overtake the desktop advertising.

Enjoy the report.

About the Author Elsio Pinto

Elsio Pinto is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Pierluigi Paganini

(Security Affairs – Advertising hijacking, cybercrime)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

Russia-linked APT group Secret Blizzard has used the tools and infrastructure of at least 6…

3 hours ago

China-linked APT Salt Typhoon has breached telcos in dozens of countries

China-linked APT group Salt Typhoon has breached telecommunications companies in dozens of countries, US govt…

4 hours ago

Black Basta ransomware gang hit BT Group<gwmw style="display:none;"></gwmw>

BT Group (formerly British Telecom)'s Conferencing division shut down some of its servers following a…

14 hours ago

Authorities shut down Crimenetwork, the Germany’s largest crime marketplace

Germany's largest crime marketplace, Crimenetwork, has been shut down, and an administrator has been arrested.…

16 hours ago

Veeam addressed critical Service Provider Console (VSPC) bug

Veeam addressed a critical vulnerability in Service Provider Console (VSPC) that could allow remote attackers…

21 hours ago

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks…

1 day ago

This website uses cookies.