Aplicații rău intenționate cu milioane de descărcări găsite în Apple App Store, Google Play

Actorii amenințărilor din spatele unei operațiuni de aplicații de publicitate rău intenționate recent descoperite sunt activi cel puțin din 2019, dar cercetătorii care urmăresc raportul lor de evoluție, grupul a devenit mai sofisticat, extinzându-se dincolo de atacurile sale anterioare specifice Android în ecosistemul iOS.

The latest campaign, according to researchers with Human Security’s Satori research team, included 80 Android Apps lurking in the Google Play store and, notably, 9 in the Apple App Store. All together, the team reported the malicious applications were downloaded at least 13 million times.

Odată descărcat, fișierul aplicații rău intenționate spoof other apps to rack up digital ad views, play hidden ads the user couldn’t see to gain fraudulent views, and even track legitimate ad clicks to hone the group’s ability to fake them more convincingly later.

Echipa de cercetare, care a semnalat aplicațiile pentru eliminarea din magazinele oficiale, numește această ultimă iterație a grupului de atac Scylla. Cea mai veche versiune a grupului a fost numită Poseidon, apoi Charybdis. Scylla este al treilea val de atacuri de la actorii amenințărilor, a explicat echipa Human în raportul lor.

“Today’s announcement of the disruption of Scylla — named after the granddaughter of Poseidon — reflects a new evolution from the threat actors behind the scheme,” the Human team said about the find. “While the Poseidon and Charybdis operations centered wholly on Android apps, the Satori team has found evidence that Scylla additionally targets iOS apps and has expanded the attack to other parts of the digital advertising ecosystem.”

Human Security worked with Google and Apple to remove the malicious applications and is continuing to work with advertising software development kit developers to mitigate the campaign’s fallout.

“These tactics, combined with the obfuscation techniques first observed in the Charybdis operation, demonstrate the increased sophistication of the threat actors behind Scylla,” the Human team added. “This is an în curs de desfășurare attack, and users should consult the list of apps in the report and consider removing them from all devices.”