Apple settles lawsuit with developer who exposed multi-million dollar App Store scam

Security researchers discovered 85 apps engaged in ad fraud; ten are on the App Store, and the other 75 are on Google Play. Combined, people downloaded them over 13 million times. They’re part of a new ad fraud campaign named “Scylla.”

The information comes from Bleeping Computer. According to the publication, researchers from HUMAN’s Satori Threat Intelligence team found 85 apps available on the App Store and Google Play that flood mobile users with ads – both visible and hidden – or generate revenue by “impersonating legitimate apps and impressions.”

The analysts believe Scylla is the third wave of an operation they found in August 2019 and dubbed ‘Poseidon’. The second wave, apparently from the same threat actor, was called ‘Charybdis’ and culminated towards the end of 2020.

Here are the ten apps found on the iOS App Store that offered adware:

  • Loot the Castle – com.loot.rcastle.fight.battle (id1602634568)
  • Run Bridge – com.run.bridge.race (id1584737005)
  • Shinning Gun – com.shinning.gun.ios (id1588037078)
  • Racing Legend 3D – com.racing.legend.like (id1589579456)
  • Rope Runner – com.rope.runner.family (id1614987707)
  • Wood Sculptor – com.wood.sculptor.cutter (id1603211466)
  • Fire-Wall – com.fire.wall.poptit (id1540542924)
  • Ninja Critical Hit – wger.ninjacriticalhit.ios (id1514055403)
  • Tony Runs – com.TonyRuns.game

According to Bleeping Computer, Satori researchers informed Apple and Google about these apps, and they have been removed from the App Store and Google Play. If by any chance you downloaded one of the apps, the best way to remove the adware is to simply erase the app from your device.

The publication explained a bit more about this malware, which, different from other kinds of viruses, is not exactly harmful to your device – since it only shows you ads – although it can be a door for other malware to infect your phone.

The Scylla apps typically used a bundle ID that doesn’t match their publication name, to make it appear to the advertisers as if the ad clicks/impressions come from a more profitable software category.

HUMAN’s researchers found that 29 Scylla apps imitated up to 6,000 CTV-based apps and regularly cycled through the IDs to evade fraud detection.

You can learn more about these scam apps making its way to the App Store and how these waves of invasion have been occuring for the past three years here.

Read more:

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

About the Author



José Adorno

@joseadorno

Brazilian tech Journalist. Author at 9to5Mac. Previously at tv globo, the main TV broadcaster in Latin America.

Got tips, feedback, or questions? jose@9to5mac.com

Read More