Is Your Adserver Really Malware?
Adserver Yingmob may be the first, but it won’t be the last, to sell ad services to marketers while also defrauding their customers. So says Check Point, a vendor with “mobile threat” researchers who believe other criminals will initiate “attack campaigns” that install fraudulent apps, create false ad clicks and steal data from mobile devices, including from enterprise software programs — such as work emails — that are running on those devices.
That’s exactly what the criminal arm of the reportedly otherwise legitimate Chinese adserver, Yingmob, did to 85 million mobile devices, according to Check Point research published on July 1.
The report, “From HummingBad to Worse,” says the malware took over mainly Android devices, created fraudulent referral traffic to Google Play and installed apps that created false ad clicks — generating $300,000 a month for the group behind it. However, Check Point predicts that the data the malware finds may be for sale to the highest bidder as an additional source of revenue.
Yingmob also created malware for iPhones, but Engadget reported on Tuesday that Apple quickly blocked it.
Check Point says it first discovered the malware on Android devices that were infected via porn apps, but that this wasn’t the only way for the malware to take root. Check Point called the other infection route a “drive-by” occurrence. And it doesn’t just take a naïve user to install it — though that helps.
HummingBad is malware that starts a chain reaction that Check Point says can include “installing key-logger, capturing credentials and even bypassing encrypted email containers used by enterprises.”
In just one of the steps of the chain reaction, HummingBad “starts the advertisement networks used by the app. Different variations of HummingBad use different ad networks, such as Mobvista, Cheetah, Apsee or Startapp.”
The malware is encrypted, so Check Point says: “Without the ability to detect and stop suspicious behavior, these millions of Android devices and the data on them remain exposed.”
Engadget also reports that Google says: "We've long been aware of this evolving family of malware and we're constantly improving our systems that detect it. We actively block installations of infected apps to keep users and their information safe."
What do you think, marketers?