Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

DrainerBot SKD Sucks Data and Battery From Android Devices

A major mobile ad fraud operation impacts millions of users through infected consumer applications, Oracle reveals. 

A major mobile ad fraud operation impacts millions of users through infected consumer applications, Oracle reveals. 

Dubbed DrainerBot, the nefarious operation relies on hidden and unseen video ads that are delivered to users to incur data overage charges. With over 10 gigabytes of data consumed per device each month, the cost likely rises to over $100 per year per device.

The DrainerBot code is being distributed through an infected Software Development Kit (SDK) that has been integrated into hundreds of popular consumer Android apps and games, including Perfect365, VertexClub, Draw Clash of Clans, Touch ‘n’ Beat – Cinema, and Solitaire: 4 Seasons (Full). The infected applications appear to have gathered over 10 million downloads to date. 

Once an infected application is installed, it can download fraudulent, invisible video ads to the device. The infected applications, Oracle reveals, report back to the ad network that the video advertisements come from a legitimate publisher site, but all sites are spoofed.

The fraudulent video ads are never displayed on screen and the user never sees them, but the apps consume both bandwidth and battery. According to Oracle, an infected app can consume over 10GB of data per month even if it is not in use or in sleep mode.

The infected SDK has been distributed by Tapcore, a company in the Netherlands that claims to help software developers monetize stolen or pirated installs of their apps (however, the fraudulent ad activity takes place on valid app installs as well). The company says its SDK is used in more than 3,000 apps and that it is serving over 150 million ad requests daily.

“DrainerBot is one of the first major ad fraud operations to cause clear and direct financial harm to consumers. DrainerBot-infected apps can cost users hundreds of dollars in unnecessary data charges while wasting their batteries and slowing their devices,” Eric Roza, SVP and GM of Oracle Data Cloud, said.

Users who downloaded the infected applications should notice that their devices get hot and that battery life drains quickly even when the phone is not in active use. A dramatic increase in data usage, sluggish performance and high application crash rates are also indicators of infection. 

Advertisement. Scroll to continue reading.

Related: Android Apps Carrying Windows Malware Yanked From Google Play

Related: Google Scours the Internet for Dirty Android Apps

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.