DrainerBot Mobile Ad
Fraud Operation Uncovered
Oracle has discovered and
provided mitigation steps for "DrainerBot," a major mobile
ad fraud operation distributed through millions of downloads
of infected consumer apps. Infected apps can consume more
than 10GB of data per month downloading hidden and unseen
video ads, potentially costing each device owner a hundred
dollars per year or more in data overage charges.
"Mobile app fraud is a
fast-growing threat that touches every stakeholder in the
supply chain, from advertisers and their agencies to app
developers, ad networks, publishers, and, increasingly,
consumers themselves," said Mike Zaneis, CEO of the
Trustworthy Accountability Group (TAG). "These types of
fraud operations cross all four of TAG's programmatic
pillars, including fraud, piracy, malware, and transparency,
and preventing such operations will require unprecedented
cross-industry collaboration. As the ad industry's leading
information-sharing body, we are delighted to work with
Oracle to educate and inform TAG's membership about this
•The infected app reports back to the ad network that each video advertisement has appeared on a legitimate publisher site, but the sites are spoofed, not real.
•The fraudulent video ads do not appear onscreen in the apps (which generally lack web browsers or video players) and are never seen by users.
•Infected apps consume significant bandwidth and battery, with tests and public reports indicating an app can consume more than 10 GB/month of data or quickly drain a charged battery, even if the infected app is not in use or in sleep mode.
•The SDK being used in the affected apps appears to have been distributed by Tapcore, a company in the Netherlands.
•Tapcore claims to help software developers monetize stolen or pirated installs of their apps by delivering ads through unauthorized installs, although fraudulent ad activity also takes place after valid app installs.
•On its website, Tapcore claims to be serving more than 150 million ad requests daily and says its SDK has been incorporated into more than 3,000 apps.