
1 Million Android Mobiles Hacked By Fraudsters To Watch Smart TV Ads


In what’s been described as one of “the most sophisticated” fraud campaigns of its kind, hackers infected more than a million Android phones with malware that would fake views on ads in order to score funds for the malicious developers.

The scam, dating back to at least 2019, was revealed on Wednesday by fraud researchers at Human, a company formerly known as White Ops and recently acquired by Goldman Sachs. They found that 29 Android apps, most of them marketed on Google’s official Play market, made infected Android devices appear to be smart TVs in order to serve 650 million ad requests a day. The operators then received payments from the ad providers, who were tricked into believing the ad views were real, when no person ever actually saw them. As many as 36 apps on Roku, the streaming TV platform, were also discovered to be part of the same scam, though, for unknown reasons, they were not generating the same level of fraudulent ad impressions.

The apps themselves appeared benign, but included a “software development kit” that created the faked ad views. Such kits give developers a quick and easy way to get an app online, though they can contain code that hasn’t been checked for safety, as was the case here. One of the apps that included the fraudulent code was Any Light, a simple torch app that let users choose different light colors and had more than 10,000 downloads. Another infected app, with 100,000 downloads, was Sling Puck 3D Challenge, a simple game in which the player has to get all their pucks to the rival player’s side. Neither of the app developers had responded to requests for comment at the time of publication.

The pandemic proved a boon for streaming services, and the fraudsters ramped up operations to cash in on the rise of at-home viewing. “The operators behind the operations took advantage of the recent shift to digital accelerated by the pandemic by hiding in the noise in order to trick advertisers and technology platforms into believing that ads were being shown on consumer streaming devices,” Human CEO Tamer Hassan told Forbes.

The hackers were smart, creating “realistic pingbacks,” verifying the device was a “real” connected TV streaming service to avoid detection. They were also able to have a single Android device “rotate” to appear to be various connected TVs, “selling traffic to many different buyers while assuming many different identities,” Hassan said.

A Google spokesperson said they appreciated Human’s help in uncovering the scam, while Roku hadn’t commented at the time of publication. Human said all of the infected apps on the official marketplaces have now been removed. It has passed information about “key figures” in the fraud crew to law enforcement.