A major mobile ad fraud operation impacts millions of users through infected consumer applications, Oracle reveals.
Dubbed DrainerBot, the nefarious operation relies on hidden and unseen video ads that are delivered to users to incur data overage charges. With over 10 gigabytes of data consumed per device each month, the cost likely rises to over $100 per year per device.
The DrainerBot code is being distributed through an infected Software Development Kit (SDK) that has been integrated into hundreds of popular consumer Android apps and games, including Perfect365, VertexClub, Draw Clash of Clans, Touch ‘n’ Beat – Cinema, and Solitaire: 4 Seasons (Full). The infected applications appear to have gathered over 10 million downloads to date.
Once an infected application is installed, it can download fraudulent, invisible video ads to the device. The infected applications, Oracle reveals, report back to the ad network that the video advertisements come from a legitimate publisher site, but all sites are spoofed.
The fraudulent video ads are never displayed on screen and the user never sees them, but the apps consume both bandwidth and battery. According to Oracle, an infected app can consume over 10GB of data per month even if it is not in use or in sleep mode.
The infected SDK has been distributed by Tapcore, a company in the Netherlands that claims to help software developers monetize stolen or pirated installs of their apps (however, the fraudulent ad activity takes place on valid app installs as well). The company says its SDK is used in more than 3,000 apps and that it is serving over 150 million ad requests daily.
“DrainerBot is one of the first major ad fraud operations to cause clear and direct financial harm to consumers. DrainerBot-infected apps can cost users hundreds of dollars in unnecessary data charges while wasting their batteries and slowing their devices,” Eric Roza, SVP and GM of Oracle Data Cloud, said.
Users who downloaded the infected applications should notice that their devices get hot and that battery life drains quickly even when the phone is not in active use. A dramatic increase in data usage, sluggish performance and high application crash rates are also indicators of infection.
Related: Android Apps Carrying Windows Malware Yanked From Google Play
Related: Google Scours the Internet for Dirty Android Apps
Ionut Arghire is an international correspondent for SecurityWeek.
Tags: 
