The sheer number of mobile apps that roll out on the likes of the App Store and the Google Play Store every day means there will be no stopping a certain number of scam apps breaking through the security defenses of the stores and becoming available to download through official channels. It’s extra unfortunate, however, when these scammy apps go on to be downloaded millions of times, which is exactly what has happened here. This is what you need to know.
Cybersecurity analysts from the firm HUMAN Security have found 80 Android apps and 9 iOS apps comprising of games, screensavers, and camera apps containing scammy adware, which have been downloaded a whopping 13 million times.
According to HUMAN, the scammy apps commit multiple types of ad fraud such as showing ads where they are not supposed to be, pretending to be aps when they are not, creating fake clicks and taps to drive fraudulent engagement.
As well as the blog post explaining the details of the fraud perpetrated by the scammy apps, HUMAN has also released a detailed report, which includes the complete list of apps you need to look out for, which you can find here.
The security specialists have called the threat Scylla, describing and as an ongoing threat because some of the apps are still active. The HUMAN researchers say:
“These tactics, combined with the obfuscation techniques first observed in the Charybdis operation, demonstrate the increased sophistication of the threat actors behind Scylla.”
Fortunately, the HUMAN research team say that they have worked hard with Google and Apple to make sure that all of the scammy apps have been removed from the Google Play and Apple App Stores. Unfortunately, however, as previously mentioned, there are still a few of these apps that remain active on the phones of unsuspecting users who downloaded them. This means, if you have downloaded any apps recently and noticed some strange behavior on your device, you should consult the full list we linked to above to see if any of the apps on your phone are included in it.
In other recent cybersecurity news, a new phishing attack has been discovered, which is leveraging LinkedIn Smart Links to get around email security.
