Oracle: Major ad scam 'DrainerBot' is rinsing Android users of their battery life and data
App piracy fighter Tapcore strenuously denies involvement
A major ad fraud operation could be sucking your phone of juice and using up more than 10GB of data a month by downloading hidden vids, Oracle has claimed.
The database vendor has dubbed the dodgy data slurper DrainerBot, and said it uses infected code on Android devices to deliver fraudulent, invisible video ads. Infected apps consume "significant bandwidth and battery", Big Red said.
The discovery was made by teams in two of Oracle's fairly recent acquisitions – ad-tracking biz Moat and internet infrastructure outfit Dyn – after they spotted significant increases in browsing activity from Android apps.
The firm reckons the DrainerBot code was distributed via an infected SDK integrated into "hundreds of popular consumer Android apps and games".
Infected apps – which have been removed from Google's Play Store – were said to include augmented reality beauty app Perfect365, Draw Clash of Clans for sketching characters from the game, music app Touch 'n' Beat – Cinema, and VertexClub. Oracle said they had collectively been downloaded by users more than 10 million times.
Once an app has been downloaded, a code update brings new functions and this triggers the fraudulent ad videos. These ads don't appear onscreen – so users will be unaware of the scam – but Oracle said they will slow down other sites loading, consume more than 10GB of data a month and can easily drain a charged battery. Moreover, the firm said the ads can still be running even if the app isn't in use or is in sleep mode.
Meanwhile, the app is driving fake ad impressions, as it reports back to the ad network that each video advertisement has appeared on a legitimate publisher site – sites Oracle said are, in fact, spoofed.
Ad fraud isn't new, but Oracle said that this particular type of behaviour could be unique because of the impact it had on mobile users, as well as on advertisers and publishers.
"DrainerBot is one of the first major ad fraud operations to cause clear and direct financial harm to consumers," said Eric Roza, senior veep of Oracle Data Cloud. "DrainerBot-infected apps can cost users hundreds of dollars in unnecessary data charges while wasting their batteries and slowing their devices."
Oracle said the SDK "appeared" to have been distributed by Dutch firm Tapcore – significant because of the company's purported involvement in detecting and tackling ad fraud.
The firm, founded in 2015, allows app developers to detect pirated installations of their apps, and then displays targeted ads to the pirated user – giving the app developers the chance to earn cash from ad impressions.
The Tapcore code is, according to its site, incorporated into some 3,000 apps – but ads are only supposed to be shown to users if they have downloaded a pirated copy of the app.
In response to Oracle's claims, it issued a strong denial of its involvement, saying it was "extremely surprised and alarmed by the allegations and attempt to connect the company" with DrainerBot.
"At the moment of first hearing about the DrainerBot ad fraud scheme, Tapcore began immediate internal investigation to see whether any such code was ever distributed through its network without its knowledge," the Dutch firm said in a statement.
"The company is ready to cooperate with all interested parties and provide all results on its findings. Openness and transparency is paramount in the mobile advertising industry, and Tapcore is prepared to share all data and results."
The DrainerBot reveal follows a major ad fraud operation known as 3ve, which was uncovered last year. At its peak the scam was said to have used 1.7 million hijacked devices to generate fake ad clicks.
We've asked Google for comment. ®