- Sockings was a system of massive advertising fraud involving more than 224 AI theme that generated false views and advertising clicks
- The applications have been downloaded more than 38 million times worldwide, culminating at 2.3 billion AD candidacy requests per day
- Google has deleted applications and alerted affected users
Safety researchers from the Human STORI Threat Intelligence and Research Team, as well as Google, have discovered and dismantled a gigantic announcement and click on a fraud operation, with hundreds of applications, millions of downloads and billions of daily advertising offers.
The operation revolved around the fact that the victims generated false views and clicks, essentially frauding advertisers and advertising networks of their money.
The threat actors have created at least 224 AIA applications (although researchers have declared that the number of applications has increased day by day), all hosted on Google Play Store.
Delete apps
If a victim downloaded it via an ad (as opposed directly to the repository), the application would download a malicious payload called fatmodule, which created invisible websites (integrated browsers).
These browsers, hidden at the sight of the victims, charge websites belonging to the attackers, who are often either false new sites or HTML5 games. Once loaded, web views would simulate clicks and prints of ads, essentially transformed the smartphone compromised into a ghost click farm.
The researchers nicknamed the Slonge operation.
Collectively, applications have been downloaded more than 38 million times, from 228 different countries and territories (the whole world, practically). At its peak, the Slocks represented 2.3 billion requests for tenders per day, explained the man moreover, declaring that traffic from applications associated with slogans from all over the world.
However, most of the traffic is from the United States (30%), India (10%) or Brazil (7%).
Human informed Google of their results and the search engines giant has deleted all the identified applications of Google Play. In addition, the company said that it had informed all those who had installed one of the malicious applications, suggesting that the victims will immediately remove them from their devices.
However, this does not mean that Slows is done for good: “Sophistication of Slocks suggests that threat actors will probably adapt their program to try to continue to defraud the digital advertising ecosystem”, warned Human.
