Oracle says hidden advertising code "DrainerBot" targets Android phones, draining batteries and costing

According to a researcher from the Oracle technology company, an adware could be responsible for the use of mobile data by millions of Android users and the loss of battery life of their device.

The code, which, according to Oracle Wednesday, is at the heart of a massive advertising fraud operation called "DrainerBot," is to discreetly download gigabytes of video ads to a consumer's smartphone, and then to display them – in an invisible way – to users of infected applications. by the bot.

The software concerns hundreds of Android apps collectively downloaded over 10 million times, the researchers said.

Because invisible ads rely on the mobile data connection and the phone's processing power, the bot can generate more than 10GB of additional data usage per month, Oracle explained, exposing some mobile phone users to fees. overflow.

Consumers are not the only ones potentially injured by the bot, said Eric Roza, executive vice president at Oracle. The bot wastes marketing money by selling ads that nobody sees, and tarnishes app developers who probably did not know about it, he said.

"It's a crime with three layers of victims," ​​he said in an interview. "I had never seen anything like it before."

Oracle researchers discovered DrainerBot last summer when network analysts reported a suspicious increase in data traffic from some Android devices. Soon, the company assigned the bot code to a Dutch company specializing in anti-piracy applications.

The Dutch company Tapcore issued Wednesday a statement in which it declared not to be involved in this project. Tapcore's main business is to help app developers get paid, through advertising, when hackers use their apps illegally.

"Tapcore firmly denies any intentional involvement in this so-called advertising fraud scheme and is extremely surprised by Oracle's findings. We have already launched a large-scale internal investigation to get to the bottom of things and will provide updates as soon as they are available. "

Tapcore software is normally integrated with other applications prior to publication, and only serves users who have purchased illegally, according to its website. For example, downloading an application containing the Tapcore code from the Google Play Store is not intended to trigger the ad. Tapcore's offer to advertisers does not seem to mention the ad robot.

In a statement released Wednesday, Google announced that it blacklisted all infected applications identified by Oracle and investigated the two remaining applications cited by Oracle that were still active on the Google Play Store. Other applications on the Oracle list never appear on the Google app store or have been removed previously for other reasons.

"The Google Play developer rules prohibit misleading and malicious behavior on our platform. If an application violates our rules, we take action, "said Google.

There is little reason to expect application developers or application store operators to have detected DrainerBot during the normal development process, Oracle said.

[It’s not your imagination. Phone battery life is getting worse.]

After sleeping for a while in an infected application, the infected software kit distributed by Tapcore was programmed to address a server and download the additional code that finally activated DrainerBot. Oracle said the intentional delay was likely making it more difficult to detect the plot. Oracle said it was notifying the public of the advertising fraud operation in order to protect the value of legitimate advertising.

Advertising industry groups should inform marketers about DrainerBot later this week.

"We are excited to be working with Oracle to inform and inform TAG members about this emerging threat," said Mike Zaneis, Managing Director of the Trustworthy Accountability Group, led by companies such as Disney, Google, and Facebook.