Adware on Google Play, App Store Downloaded Over 13 Million Times

Security researchers from HUMAN’s Satori Threat Intelligence team have identified 75 apps on Google Play and 10 apps on the App Store engaged in ad fraud, resulting in over 13 million installations (via Bleeping Computer).

App stores

The researchers say they have identified a collection of mobile apps that are part of a new ad fraud campaign named ‘Scylla’. They believe Scylla is the third wave of an operation they found in August 2019 and dubbed ‘Poseidon’.

The second wave, apparently from the same threat actor, was called ‘Charybdis’ and culminated towards the end of 2020.

On Android devices, unless you have the Play Protect security option disabled, the apps should be detected automatically. For iOS, Apple is not clear on how to remove adware apps already installed on the device.

Human is recommending users remove the following fraudulent apps if present on their devices.

  • Loot the Castle – com.loot.rcastle.fight.battle (id1602634568)
  • Run Bridge – com.run.bridge.race (id1584737005)
  • Shinning Gun – com.shinning.gun.ios (id1588037078)
  • Racing Legend 3D – com.racing.legend.like (id1589579456)
  • Rope Runner – com.rope.runner.family (id1614987707)
  • Wood Sculptor – com.wood.sculptor.cutter (id1603211466)
  • Fire-Wall – com.fire.wall.poptit (id1540542924)
  • Ninja Critical Hit – wger.ninjacriticalhit.ios (id1514055403)
  • Tony Runs – com.TonyRuns.game

The researchers have already informed Google and Apple about their findings and the apps have already been removed from Google Play and App Store.