HUMAN Discovers and Disrupts Ad Fraud Scheme Impacting 89 Apps with More Than 13 Million Downloads from Google Play and Apple App Stores

Ad blocking detected

Thank you for visiting CanadianInsider.com. We have detected you cannot see ads being served on our site due to blocking. Unfortunately, due to the high cost of data, we cannot serve the requested page without the accompanied ads.

If you have installed ad-blocking software, please disable it (sometimes a complete uninstall is necessary). Private browsing Firefox users should be able to disable tracking protection while visiting our website. Visit Mozilla support for more information. If you do not believe you have any ad-blocking software on your browser, you may want to try another browser, computer or internet service provider. Alternatively, you may consider the following if you want an ad-free experience.

Canadian Insider Ultra Club
$500/ year*
Daily Morning INK newsletter
+3 months archive
Canadian Market INK weekly newsletter
+3 months archive
30 publication downloads per month from the PDF store
Top 20 Gold, Top 30 Energy, Top 40 Stock downloads from the PDF store
All benefits of basic registration
No 3rd party display ads
JOIN THE CLUB

* Price is subject to applicable taxes.

Paid subscriptions and memberships are auto-renewing unless cancelled (easily done via the Account Settings Membership Status page after logging in). Once cancelled, a subscription or membership will terminate at the end of the current term.

Sep 23, 2022 11:22 am
NEW YORK -- 

HUMAN Security, Inc. (formerly White Ops), the global leader in safeguarding enterprises from digital attacks with modern defense, today announced the discovery and disruption of a highly sophisticated fraud operation targeting advertising software development kits (SDKs) within 9 apps on the Apple App Store and 80 Android apps on the Google Play Store, which collectively have been downloaded more than 13 million times. The attack, nicknamed Scylla, is an adaptation of a fraud scheme first observed and disrupted by HUMAN’s Satori Threat Intelligence and Research Team in 2019. While the attack is ongoing and actively being monitored by the Satori team, HUMAN has collaborated with Apple, Google and others to take down the fraudulent apps from their respective app stores.

“Our number one goal is to protect our customers and the digital ecosystem from cybercriminals such as those behind these attacks. The only way we can do this is with modern defense where we can work together across the industry on disruptions like Scylla,” said HUMAN Co-Founder and CEO Tamer Hassan. “We will continue to remain vigilant for other similar attacks and harness the work of collective protection—where an attack on one is a protection event for all—disrupting the economics of cybercrime. That’s the only way we win.”

Scylla is the third wave of an operation HUMAN first uncovered in 2019, in which a collection of 40+ Android apps openly committed multiple types of ad fraud. That scheme, nicknamed Poseidon after elements of the code within the apps, was disrupted by the Satori team’s reverse engineering efforts, resulting in Google removing the apps from its Play Store. A 2020 adaptation of the scheme, nicknamed Charybdis after the daughter of Poseidon, incorporated additional code obfuscation and SDK targeting techniques.

Today’s announcement of the disruption of Scylla—named after the granddaughter of Poseidon—reflects a new evolution from the threat actors behind the scheme. While the Poseidon and Charybdis operations centered wholly on Android apps, the Satori team has found evidence that Scylla additionally targets iOS apps and has expanded the attack to other parts of the digital advertising ecosystem.

HUMAN’s Satori team worked closely with the Google Play Store and Apple App Store to ensure all of the apps identified as being associated with the Scylla operation have been removed from public access. HUMAN also closely collaborated with impacted advertising SDK developers to mitigate the impact of the operation to their processes and their advertising partners. Customers of HUMAN’s MediaGuard solution are protected from fraud associated with Scylla and with its predecessors.

Apps within the Scylla operation committed fraud through a variety of tactics, including:

  • App spoofing, in which the Scylla apps pretended to be other apps for the purpose of digital advertising,
  • Hidden ads, in which the apps would render advertisements in places a user couldn’t actually see them, and
  • Fake clicks, in which the apps would keep track of real clicks on advertisements in order to fake additional clicks later.

These tactics, combined with the obfuscation techniques first observed in the Charybdis operation, demonstrate the increased sophistication of the threat actors behind Scylla. This is an ongoing attack, and users should consult the list of apps in the report and consider removing them from all devices. As this attack has evolved multiple times already, the Satori team has withheld certain details about the operation in order to better track and report on further adaptation.

HUMAN verifies the humanity of more than 15 trillion digital interactions per week, offering enterprises a platform with unmatched visibility into fraudulent activity across the Internet. HUMAN achieves this scale through its continued expansion in cybersecurity, including its recent merger with PerimeterX, now offering a suite of products to protect the complete digital customer journey. With new partners and enterprises now able to leverage the Human Defense Platform, comes an even deeper understanding of the cybercrime landscape, enabling HUMAN to adapt continuously, staying ahead of adversaries with modern defense (leveraging internet visibility, network effect, and disruptions), and safeguarding clients with collective protection against threat models they have yet to encounter.

The Satori team used numerous tools to identify Scylla and its operators, whose information has been shared with law enforcement. To learn more about the Scylla operation, visit the HUMAN blog.

About HUMAN

HUMAN is a cybersecurity company that safeguards 500+ customers from digital attacks including sophisticated bots, fraud and account abuse. We leverage modern defense—internet visibility, network effect, and disruptions—to enable our customers to increase ROI and trust while decreasing end-user friction, data contamination, and cybersecurity exposure. Today we verify the humanity of more than 15 trillion interactions per week across advertising, marketing, e-commerce, government, education and enterprise security, putting us in a position to win against cybercriminals. Protect your digital business with HUMAN. To Know Who’s Real, visit www.humansecurity.com.

HUMAN Press Contact:
Ellyn Kirtley
Director of Communications
[email protected]
775.342.7063

Comment On!

140
Upload limit is up to 1mb only
To post messages to your Socail Media account, you must first give authorization from the websites. Select the platform you wish to connect your account to CanadianInsider.com (via Easy Blurb).