Mobile Ad Fraud ‘DrainerBot’ Consumes Large Amounts of Data

Dubbed DrainerBot, this malware consumes large amounts of data in Android devices. The ad fraud campaign uses malicious code to plays ads in the background of your phone. Infected apps can drain battery and up to 10GB of data a month, even when apps are not in use.

Oracle first published reports on DrainerBot Wednesday. According to them the firm, Tapcore, is at the center of this malicious malware.

The firm identifies pirated apps and offers help for software developers to make money off their pirated apps. However, Tapcore also does malicious work. They built anti-piracy code into their software development kit (SDK) which creates fake mobile sites to trick advertisement platforms into paying them for ad inventory. According to Tapcore’s website, their infected SDK has been installed in over 3,000 apps.

Eric Roza, SVP and GM of Oracle Data Cloud, says that this is the first time that a malware has affected consumers financially.

This malware has cost users upwards of hundreds in data bills. Affected users may not realize their phones have been infected because the video ads are invisible. Until their phone bill arrives that has been heavily charged consumers.

DrainerBot has been downloaded via apps at least ten million times. Many of these apps present as legitimate and pirated versions of popular apps. Some of the names include: ‘Draw Clash of Clans’, ‘Solitaire: 4 Seasons (Full)’, ‘Perfect365’, ‘VertexClub’, and ‘Touch ‘n’ Beat-Cinema’.

Kyle York, VP of product strategy at Oracle Cloud Infrastructure has stated:

“Mobile devices are a prime target with a number of potential infection vectors, which are growing increasingly complicated, interconnected, and global in nature. The discovery of the DrainerBot operation highlights the benefit of taking a multi-pronged approach to identifying digital ad fraud by combining multiple cloud technologies. Bottom line is both individuals and organizations need to pay close attention to what applications are running on their devices and who wrote them.”

 

Contact LIFARS today for Secure Code Review