Invisible Ad Fraud Targets Korean Android Users


Cybersecurity experts have discovered a new adware campaign specifically targeting Korean Android users. 

The discovery by McAfee’s Mobile Research Team shed light on a trend where certain apps distributed through Google Play discreetly load ads while the user’s device screen is turned off.

In an advisory published last Friday, the security researchers said that, on the surface, this might seem like a hassle-free way for developers to generate profits without subjecting users to intrusive ads. 

However, the practice clearly violates Google Play Developer policies, which dictate how ads should be displayed. Such malicious ad-loading defrauds advertisers, who unknowingly pay for invisible ads, and adversely affects users in multiple ways.

The team identified 43 rogue apps involved in this ad fraud, collectively amassing 2.5 million downloads. Popular categories like TV/DMB players, music downloaders, news and calendar apps were among the affected applications.


The ad fraud library used by these apps is technically sophisticated, employing delay tactics to evade detection and inspection. Additionally, the fraudulent behavior can be remotely modified and pushed using Firebase Storage or Messaging service, adding a layer of complexity to identifying the rogue apps.

McAfee added that once installed, the adware seeks specific permissions like “power saving exclusion” and “draw over other apps,” enabling covert activities in the background. This opens the door to further malicious behavior, such as displaying phishing pages and ads without the user’s awareness.
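For defenders reviewing an app inventory, the permission pair described above can be used as a triage signal. The following is an added example, not code from McAfee or from the article: it parses `aapt dump permissions` output and flags apps that request both permissions. The mapping of "power saving exclusion" and "draw over other apps" to the two Android permission names is an assumption, and the package names and sample dumps are constructed.

```python
import re

# Assumed mapping of the article's permission descriptions to Android manifest
# permission names (the article itself does not give the constant names).
BATTERY_EXEMPT = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"

# Matches both aapt output styles: name='x.y.Z' and the older bare form.
_PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)'?", re.M)
_PKG_RE = re.compile(r"^package:\s*(?:name=')?([\w.]+)'?", re.M)


def parse_permissions(dump: str):
    """Return (package_name, set_of_permissions) from one `aapt dump permissions` output."""
    pkg = _PKG_RE.search(dump)
    return (pkg.group(1) if pkg else "<unknown>", set(_PERM_RE.findall(dump)))


def triage(dumps):
    """Classify each app: 'high' if it requests both permissions, 'review' if one, else 'ok'."""
    results = {}
    for dump in dumps:
        name, perms = parse_permissions(dump)
        hits = len({BATTERY_EXEMPT, OVERLAY} & perms)
        results[name] = ("ok", "review", "high")[hits]
    return results


# Constructed sample outputs (hypothetical package names, not apps from the report).
SAMPLE_DUMPS = [
    "package: com.example.tvplayer\n"
    "uses-permission: name='android.permission.INTERNET'\n"
    "uses-permission: name='android.permission.SYSTEM_ALERT_WINDOW'\n"
    "uses-permission: name='android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS'\n",
    "package: com.example.calendar\n"
    "uses-permission: android.permission.INTERNET\n"
    "uses-permission: android.permission.SYSTEM_ALERT_WINDOW\n",
    "package: com.example.notes\n"
    "uses-permission: name='android.permission.INTERNET'\n",
]

if __name__ == "__main__":
    for app, level in triage(SAMPLE_DUMPS).items():
        print(f"{level:6} {app}")
```

Legitimate apps also request these permissions, so a "high" result marks an app for closer inspection of its background network and ad activity rather than confirming fraud.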

When the device screen is turned off, the ad fraud kicks into action, fetching and loading ads, all while users remain oblivious. The library registers device information and accesses unique domains to retrieve advertisement URLs from Firebase Storage, draining battery life and consuming mobile data.

McAfee promptly reported these apps to Google, leading to swift action by the tech giant. Many of the apps have been removed from the Play Store, while others received updates to comply with Google’s policies.
