Security researchers discovered 10 "adware" apps on the App Store that were engaging in ad fraud, according to a report from Bleeping Computer. The apps were designed to generate revenue by impersonating legitimate apps and presenting a deluge of ads to iPhone users.
Discovered by HUMAN's Satori Threat Intelligence team, the mobile apps are part of an ad fraud campaign they're calling "Scylla." It is the third wave of a fraud operation first discovered in August 2019, which Apple has been fighting. The apps have been removed from the App Store at this point, but if you have the following apps installed, you should delete them:
- Loot the Castle - com.loot.rcastle.fight.battle (id1602634568)
- Run Bridge - com.run.bridge.race (id1584737005)
- Shinning Gun - com.shinning.gun.ios (id1588037078)
- Racing Legend 3D - com.racing.legend.like (id1589579456)
- Rope Runner - com.rope.runner.family (id1614987707)
- Wood Sculptor - com.wood.sculptor.cutter (id1603211466)
- Fire-Wall - com.fire.wall.poptit (id1540542924)
- Ninja Critical Hit - wger.ninjacriticalhit.ios (id1514055403)
- Tony Runs - com.TonyRuns.game
The apps committing ad fraud used a bundle ID that did not match their publication name, making it appear to advertisers that impressions came from a more profitable software category. The apps apparently imitated CTV-based apps, with IDs changing often to evade detection.
While 10 apps were found on the iOS App Store, more than 70 were found on Google's Play Store, and adware is a much more severe problem on Android devices. Apple's App Store review process was able to lessen the severity of the problem on iOS devices, but there are still apps that slip through.
Adware is more of an annoyance than a serious issue on the App Store, but it is something that iPhone owners should be aware of. Security researchers suggest that smartphone users should look for rapid battery drainage and increased internet data usage to spot apps that are fraudulently using ads in the future. Avoiding installing apps from suspicious developers is also a good idea.
Top Rated Comments
Developers wont benefit one bit from sideloading because apps will be pirated massively and a lot of those pirate apps will contain malware and user tracking ads.
As people point out, the only people who support sideloading on smart phones are:
- organized criminals spamming forums to demand sideloading.
- pirates who don’t want to pay for apps.
- just people with a bad grudge and a chip on their shoulder.
Edit: Let's remember that Apple went as far as to trash their own desktop OS in front of a judge to support their monopolistic practices in iOS: Craig Federighi says the Mac has an ‘unacceptable’ malware problem ('https://9to5mac.com/2021/05/19/craig-federighi-mac-malware-problem/')