Does YOUR Mobile Device have a Secret Life?

Countless millions of mobile devices are leading secret lives their owners are utterly unaware of. You may think your phone is happily slurping juice on your charger, or taking a well-deserved rest while you sleep… but instead it may be "viewing" as many as 1000 ads per hour, and downloading up to 4GB of data per day.

Ad Fraud is a searingly hot topic these days, but many people think it doesn't affect them. They believe it's just a nasty ripoff of advertisers by some nefarious activity that’s way too hard to understand. Think again - your own, much loved device may be in the thick of it, helping perpetrate billions of dollars of ad fraud a year.

Recently, malware known as "Judy" was found in over 40 apps on Google Play, Google's official app store. Most of us know we shouldn't download apps from shifty sources. But official app stores, we think, are safe.

:: Judy malware affected between 8.5 and 36.5 million users ::

This leads to a realization about something unique to mobile fraud - in the case of app fraud, we actually install the malware onto our device ourselves. Apps that we download, even from legitimate sources like Google Play, can contain malware that hijacks the mobile device and carries on malicious activity.

The authors of the malware benefit by having the hijacked devices perform actions that earn big money for them. In the case of the Judy malware, it was earning the bad guys up to $300,000 a month. Judy would open certain websites and then generate fake clicks on ads on the site.

In simple terms, click fraud works like this - marketers want to get their ads placed on websites that have visitors that fit their target demographic. So if a marketer makes a line of tools, they would probably want their ads placed on DIY websites because the people who visit those sites are likely prospects for those tools.

The marketer would probably not benefit much from having their ads shown on a teen fashion website. (Inappropriate placement of ads is a whole different kind of fraud, which we won't go into here.)

The DIY website shows the tool ads and gets paid every time a site visitor clicks one of those ads and heads over to the tool website. The tool marketer (via a complex arrangement of ad agencies, advertising networks, and marketing technology providers) is the one paying for those clicks.

:: With mobile app fraud, users install the malware themselves ::

So one way a criminal could make money would be to have a website that has the tool maker's ads on it. Then, by any number of means, the criminal generates fake clicks on those ads. The tool company is then paying for fake clicks - clicks that are not made by real people who are actually interested in learning more about, and potentially purchasing, the tools.

The criminal REALLY benefits if he can install malware onto unsuspecting users' devices when they download an app. Then, with that app installed on multi-millions of devices, every device goes to work by opening the criminal's website and clicking away on the ads, with the tool maker paying for each click.

:: Android is the most targeted OS ::

The Judy malware infected 41 apps developed by a Korean company known as Kiniwini. See the full list here. With names like "Fashion Judy", "Chef Judy", "Animal Judy", the moniker becomes obvious. 

Some apps by different developers were also infected by unclear means.  Ultimately the total spread of the Judy malware may have reached between 8.5 and 36.5 million users.

In February of 2016 a similar discovery was made in different apps also available via Google Play. That malware was known as a porn clicker Trojan. As you'd imagine, it clicked ads found on porn sites to earn illicit revenue for its creators.

:: Porn Clicker was found on 343 apps which were downloaded, on average, 3,600 times each ::

So how can you protect your phone from becoming an unwilling porn clicker, or a slave to Judy? First, only download from legit sources, like Google Play. Although the protection that Google Play provides isn't perfect, the store is constantly working to ferret out malware. Bad guys continue to invent new ways to implement their scams, so it's an ongoing battle.

Keep up to date on your patches. Look into an anti-virus, particularly if you have an Android device. Android phones and tablets are particularly vulnerable, and the most targeted of devices. Read reviews of apps before you download them, and avoid any that have bad reviews, even if they are free. ESPECIALLY if they are free.

According to a report by Nokia (download required):

  • Mobile device infection rates rose steadily throughout 2016, reaching an all-time high in October and growing 63% over the first half of the year
  • Further, smart phones were targeted most often in July through December, accounting for 85 percent of all mobile device infections, and smart phone infections increased 83 percent during this period compared to the first half of the year