Google Play apps with over 10 million installations, dump batteries, increase data transmission costs

Is your Android phone warm to the touch, does it look slow, does it need frequent charging, or does it use a lot more data than before? It could be a victim of DrainerBot, a major fraud operation distributed via Google Play applications with more than 10 million downloads, researchers said Wednesday.

The applications responded to a wide variety of interests, from makeup and beauty to mobile gaming. Under the hood, apps are downloading video ads hidden on phones, which consume up to 10GB of bandwidth per month. Although videos are never viewed or viewed by anyone, downloads generate fraudulent advertising revenue each time a legitimate end-user device appears to view a video while visiting a publisher's site. fraudulent but legitimate.

"DrainerBot is one of the first major advertising fraud operations to cause clear and direct financial harm to consumers," said Eric Roza, senior vice president and general manager of Oracle Data Cloud, which put at the day the stratagem. "DrainerBot-infected applications can cost users hundreds of dollars worth of unnecessary data while wasting their batteries and slowing down their devices."

Phone owners are not the only victims of the DrainerBot. Apps charge advertisers for video downloads that are never viewed, which hurts publishers whose domains are falsified.

Oracle said that hundreds of popular Android consumer apps and games had been infected with the DrainerBot code or had already been and that they had been installed together more than 10 million times. The company has provided the names of just five of the infected apps: Perfect365, VertexClub, Draw Clash of Clans, Touch 'n' Beat – Cinema and Solitaire: 4 Seasons. While the company provides a comprehensive list to security researchers, a spokeswoman declined to provide it to Ars. All applications found by Oracle are not currently infected, the spokeswoman said.

Am I infected?

There are several ways to determine if your device is running an infected application. The best method is to verify that installed applications use a lot of data. To do this, from Android 9, go to Settings> Network and Internet> Working with Data> Using Application Data. Then see how much data applications at the top of the list consume in the background. DrainerBot applications may consume data per gigabyte per month.

Applications infected with DrainerBot are also lethargic and the devices are hot even when they are not used.

Of the five apps identified by Oracle as infected, only Solitaire: 4 Seasons (Full) still seemed available on Play. In general, Google quickly deletes abusive applications once they have been reported. The company continues to fight to prevent them from entering the market.

According to Oracle, DrainerBot appears to be distributed through a software development kit provided by Tapcore, a Dutch-based company that helps developers generate revenue from pirated versions of their applications. The Tapcore website does not allow journalists to send questions and business representatives have not responded to a Twitter message.