REDWOOD CITY, Calif., Feb. 20,
2019 /PRNewswire/ -- Oracle today announced the
discovery of and mitigation steps for "DrainerBot," a major mobile
ad fraud operation distributed through millions of downloads of
infected consumer apps. Infected apps can consume more than 10 GB of
data per month downloading hidden and unseen video ads, potentially
costing each device owner a hundred dollars per year or more in
data overage charges.
DrainerBot was uncovered through the joint efforts of Oracle
technology teams from its Moat and Dyn acquisitions. Now part of
the Oracle Data Cloud, Moat offers viewability, invalid traffic
(IVT), and brand safety solutions, while Dyn enables DNS and
security capabilities as part of Oracle Cloud Infrastructure.
The DrainerBot code appears to have been distributed via an
infected SDK integrated into hundreds of popular consumer Android
apps and games [1] like "Perfect365," "VertexClub,"
"Draw Clash of Clans," "Touch 'n' Beat – Cinema," and "Solitaire: 4
Seasons (Full)." Apps with active DrainerBot infections appear to
have been downloaded by consumers more than 10 million times,
according to public download counts.
Information About DrainerBot:
- DrainerBot is an app-based fraud operation that uses infected
code on Android devices to deliver fraudulent, invisible video ads
to the device.
- The infected app reports back to the ad network that each video
advertisement has appeared on a legitimate publisher site, but the
sites are spoofed, not real.
- The fraudulent video ads do not appear onscreen in the apps
(which generally lack web browsers or video players) and are never
seen by users.
- Infected apps consume significant bandwidth and battery, with
tests and public reports indicating an app can consume more than 10
GB/month of data or quickly drain a charged battery, even if the
infected app is not in use or in sleep mode.
- The SDK being used in the affected apps appears to have been
distributed by Tapcore, a company in the
Netherlands.
- Tapcore claims to help software developers monetize stolen or
pirated installs of their apps by delivering ads through
unauthorized installs, although fraudulent ad activity also takes
place after valid app installs.
- On its website, Tapcore claims to be serving more than 150
million ad requests daily and says its SDK has been incorporated
into more than 3,000 apps.
Supporting Quotes:
"Mobile app fraud is a fast-growing threat that touches every
stakeholder in the supply chain, from advertisers and their
agencies to app developers, ad networks, publishers, and,
increasingly, consumers themselves," said Mike Zaneis, CEO of the Trustworthy
Accountability Group (TAG). "These types of fraud operations cross
all four of TAG's programmatic pillars, including fraud, piracy,
malware, and transparency, and preventing such operations will
require unprecedented cross-industry collaboration. As the ad
industry's leading information-sharing body, we are delighted to
work with Oracle to educate and inform TAG's membership about this
emerging threat."
"DrainerBot is one of the first major ad fraud operations to
cause clear and direct financial harm to consumers," said
Eric Roza, SVP and GM of Oracle Data
Cloud. "DrainerBot-infected apps can cost users hundreds of dollars
in unnecessary data charges while wasting their batteries and
slowing their devices. We look forward to working with companies
across the digital advertising ecosystem to identify, expose, and
prevent this and other emerging types of ad fraud."
"Mobile devices are a prime target with a number of potential
infection vectors, which are growing increasingly complicated,
interconnected, and global in nature," said Kyle York, VP of product strategy, Oracle Cloud
Infrastructure. "The discovery of the DrainerBot operation
highlights the benefit of taking a multi-pronged approach to
identifying digital ad fraud by combining multiple cloud
technologies. Bottom line is both individuals and organizations
need to pay close attention to what applications are running on
their devices and who wrote them."
Resources:
Detailed information and mitigation resources for DrainerBot can
be found at info.moat.com/drainerbot, including:
- Information and advice for consumers on identifying
potentially-infected apps on their devices, as well as general
device security tips;
- Access to a list of app IDs that have shown DrainerBot
activity (note: not all apps listed may currently be
infected);
- Access to the DrainerBot SDK, as well as related
documentation;
- Access to sample infected APKs for use by antivirus and
security providers to identify and mitigate the DrainerBot
threat.
Oracle Data Cloud's Moat Analytics helps top advertisers and
publishers measure and drive attention across trillions of ad
impressions and content views, so they can avoid invalid traffic
(IVT), improve viewability, and better protect their media spend.
Among those solutions, Pre-Bid by Moat helps marketers identify and
utilize ad inventory that meets their high standards for IVT,
third-party viewability, and brand safety.
Oracle Cloud Infrastructure
edge services (formerly Dyn) offer managed Web Application
Security, DNS, and Internet Intelligent services that help
companies build and operate a secure, intelligent cloud edge,
protecting them from a complex and evolving cyberthreat
landscape.
About Oracle Data Cloud
Oracle Data Cloud helps marketers use data to capture consumer
attention and drive results. Used by 199 of the 200 largest
advertisers, our Audience, Context and Measurement solutions extend
across the top media platforms and a global footprint of more than
100 countries. We give marketers the data and tools needed for
every stage of the marketing journey, from audience planning to
pre-bid brand safety, contextual relevance, viewability
confirmation, fraud protection, and ROI measurement. Oracle Data
Cloud combines the leading technologies and talent from Oracle's
acquisitions of AddThis, BlueKai, Crosswise, Datalogix, Grapeshot,
and Moat.
About Oracle Cloud Infrastructure
Oracle Cloud
Infrastructure is an enterprise Infrastructure as a Service (IaaS)
platform. Companies of all sizes rely on Oracle Cloud to run
enterprise and cloud native applications with mission-critical
performance and core-to-edge security. By running both traditional
and new workloads on a comprehensive cloud that includes compute,
storage, networking, database, and containers, Oracle Cloud
Infrastructure can dramatically increase operational efficiency and
lower total cost of ownership. For more information,
visit https://cloud.oracle.com/iaas.
About Oracle
The Oracle Cloud offers a
complete suite of integrated applications for Sales,
Service, Marketing, Human Resources, Finance, Supply Chain and
Manufacturing, plus Highly-Automated and Secure Generation 2
Infrastructure featuring the Oracle Autonomous
Database. For more information about Oracle (NYSE: ORCL),
please visit us at oracle.com.
Trademarks
Oracle and Java are registered trademarks
of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
[1] All of the apps identified have recently generated
fraudulent DrainerBot impressions identified by Moat
Analytics.
View original content to download multimedia:
http://www.prnewswire.com/news-releases/oracle-exposes-drainerbot-mobile-ad-fraud-operation-300798500.html
SOURCE Oracle