Skip to content

Ad Fraud revealed: 9 malicious apps to watch out for

  • by

Apple does its best to keep fraudulent apps out of its App Store, but its moderation efforts aren’t perfect. Malicious apps can – and do – slip through the net, and security research firm HUMAN is here to dish the dirt on a specific type of problem: ad fraud.

According to its latest reports, HUMAN has uncovered 75+ Android apps and 10+ iOS apps committing ad fraud in a variety of ways. Although Apple has been quick to remove these from the App Store, they racked up plenty of downloads, so you may want to check if you inadvertently installed any so you can delete them pronto.

Here’s the list of spoof apps known to contain ad fraud: Fire-Wall, Loot the Castle, Ninja Critical Hit, Racing Legend 3D, Rope Runner, Run Bridge, Shinning Gun, Tony Runs, Wood Sculptor.

But what actually IS ad fraud, and why should you be worried about it?

Ad fraud is a way for fraudsters to make money by abusing advertising networks, creating spoof apps that rack up false clicks from unwitting users, essentially using your device as a pawn in the operation.

Step one: knock off a popular app and use “code obfuscation” to hide your tracks. Step two: falsify ad impressions, for example by loading the app with hidden ads that sit just off screen. Step three: profit.

This is a vast oversimplification of a series of fraudulent operations known as Poseidon, Scylla, and Charybdis, which have been at play since 2019 and racked up more than 13 million downloads.

All in all, its the companies paying for advertising that get hurt the most by this type of thing – users aren’t usually targeted directly – but apps that run malicious background activities without your consent should be avoided at all costs. For starters, these apps can be detrimental to performance and waste your battery. Plus, you never know what else these crafty devs could be doing behind the scenes.

The full report is worth a read for more detail (warning: it gets very technical) but suffice to say the kind of apps that include app fraud can’t be trusted. Who knows what tricks they might pull next?