Man there’s nothing I love more than finding out that the App Store I download all my things off is a minefield full of fraud and impersonation. Cool!
In a report conducted by Bleeping Computer, we’ve learned that at least 10 “adware” apps were discovered by a team of security researchers, let’s take a look.
The team, HUMAN’S Satori Threat Intelligence team, has provided a list of apps that were taking part in an ad fraud campaign called “Scylla”. This sounds so spooky and legit.
This Scylla campaign was discovered back in August of 2019 with Apple still fighting to find all the different fraud apps – luckily this list of apps has already been deleted so if you happen to have any of these please delete them:
- Loot the Castle – com.loot.rcastle.fight.battle (id1602634568)
- Run Bridge – com.run.bridge.race (id1584737005)
- Shinning Gun – com.shinning.gun.ios (id1588037078)
- Racing Legend 3D – com.racing.legend.like (id1589579456)
- Rope Runner – com.rope.runner.family (id1614987707)
- Wood Sculptor – com.wood.sculptor.cutter (id1603211466)
- Fire-Wall – com.fire.wall.poptit (id1540542924)
- Ninja Critical Hit – wger.ninjacriticalhit.ios (id1514055403)
- Tony Runs – com.TonyRuns.game
So, let’s quickly go over what exactly these fraud apps were frauding. The report over at Bleeping Computer breaks it down a bit:
The Scylla apps typically used a bundle ID that doesn’t match their publication name, to make it appear to the advertisers as if the ad clicks/impressions come from a more profitable software category.Bleeping Computer
This seems like a classic case of fraud to me, basically disguising the apps and trojan horsing their way into a more profitable app category. Now I previously said Apple has been fighting to locate all of the Scylla apps since 2019, and this explains why:
HUMAN’s researchers found that 29 Scylla apps imitated up to 6,000 CTV-based apps and regularly cycled through the IDs to evade fraud detection.Bleeping Computer
So the apps on iOS App Store were actively dodging Apple’s detection techniques and some are still out there, so clearly it’s at least partially working.
One slight positive is that per this report, it’s clear that Apple’s App Store security is at least slightly better than the Google Play Store. Whilst 10 Scylla apps were found present on the App Store, there have been over 70 found on the Play Store. Dang.
Of course the Play Store is wayyy more saturated, and Apple has always at least tried to make the App Store a bit more secure and curated but sheesh.
Luckily, these types of adware apps are more annoying than an actual security threat – but we should all still be on the lookout for anything fishy. Random battery drain, spiking internet data usage and suspicious developers are all good signs to watch for. Good luck out there.