TMCnet News

Oracle Exposes "DrainerBot" Mobile Ad Fraud Operation
[February 20, 2019]

Oracle Exposes "DrainerBot" Mobile Ad Fraud Operation


REDWOOD CITY, Calif., Feb. 20, 2019 /PRNewswire/ -- Oracle today announced the discovery of and mitigation steps for "DrainerBot," a major mobile ad fraud operation distributed through millions of downloads of infected consumer apps. Infected apps can consume more than 10GB of data per month downloading hidden and unseen video ads, potentially costing each device owner a hundred dollars per year or more in data overage charges.

Oracle Logo (PRNewsfoto/Oracle)

DrainerBot was uncovered through the joint efforts of Oracle technology teams from its Moat and Dyn acquisitions. Now part of the Oracle Data Cloud, Moat offers viewability, invalid traffic (IVT), and brand safety solutions, while Dyn enables DNS and security capabilities as part of Oracle Cloud Infrastructure.

The DrainerBot code appears to have been distributed via an infected SDK integrated into hundreds of popular consumer Android apps and gameslike "Perfect365," "VertexClub," "Draw Clash of Clans," "Touch 'n' Beat – Cinema," and "Solitaire: 4 Seasons (Full)." Apps with active DrainerBot infections appear to have been downloaded by consumers more than 10 million times, according to public download counts.

Information About DrainerBot:

  • DrainerBot is an app-based fraud operation that uses infected code on Android devices to deliver fraudulent, invisible video ads to the device.
  • The infected app reports back to the ad network that each video advertisement has appeared on a legitimate publisher site, but the sites are spoofed, not real.
  • The fraudulent video ads do not appear onscreen in the apps (which generally lack web browsers or video players) and are never seen by users.
  • Infected apps consume significant bandwidth and battery, with tests and public reports indicating an app can consume more than 10 GB/month of data or quickly drain a charged battery, even if the infected app is not in use or in sleep mode.
  • The SDK being used in the affected apps appears to have been distributed by Tapcore, a company in the Netherlands.
  • Tapcore claims to help software developers monetize stolen or pirated installs of their apps by delivering ads through unauthorized installs, although fraudulent ad activity also takes place after valid app installs.
  • On its website, Tapcore claims to be serving more than 150 million ad requests daily and says its SDK has been incorporated into more than 3,000 apps.

Supporting Quotes:

"Mobile app fraud is a fast-growing threat that touches every stakeholder in the supply chain, from advertisers and their agencies o app developers, ad networks, publishers, and, increasingly, consumers themselves," said Mike Zaneis, CEO of the Trustworthy Accountability Group (TAG). "These types of fraud operations cross all four of TAG's programmatic pillars, including fraud, piracy, malware, and transparency, and preventing such operations will require unprecedented cross-industry collaboration. As the ad industry's leading information-sharing body, we are delighted to work with Oracle to educate and inform TAG's membership about this emerging threat."



"DrainerBot is one of the first major ad fraud operations to cause clear and direct financial harm to consumers," said Eric Roza, SVP and GM of Oracle Data Cloud. "DrainerBot-infected apps can cost users hundreds of dollars in unnecessary data charges while wasting their batteries and slowing their devices. We look forward to working with companies across the digital advertising ecosystem to identify, expose, and prevent this and other emerging types of ad fraud."

"Mobile devices are a prime target with a number of potential infection vectors, which are growing increasingly complicated, interconnected, and global in nature," said Kyle York, VP of product strategy, Oracle Cloud Infrastructure. "The discovery of the DrainerBot operation highlights the benefit of taking a multi-pronged approach to identifying digital ad fraud by combining multiple cloud technologies. Bottom line is both individuals and organizations need to pay close attention to what applications are running on their devices and who wrote them."


Resources:

Detailed information and mitigation resources for DrainerBot can be found at info.moat.com/drainerbot, including:

  • Information and advice for consumers on identifying potentially-infected apps on their devices, as well as general device security tips;
  • Access to a list of app IDs that have shown DrainerBot activity; (Note: Not all apps listed may currently be infected)
  • Access to the DrainerBot SDK, as well as related documentation;
  • Access to sample infected APKs for use by antivirus and security providers to identify and mitigate the DrainerBot threat.

Oracle Data Cloud's Moat Analytics helps top advertisers and publishers measure and drive attention across trillions of ad impressions and content views, so they can avoid invalid traffic (IVT), improve viewability, and better protect their media spend. Among those solutions, Pre-Bid by Moat helps marketers identify and utilize ad inventory that meets their high standards for IVT, third-party viewability, and brand safety.

Oracle Cloud Infrastructure edge services (formerly Dyn) offer managed Web Application Security, DNS, and Internet Intelligent services that help companies build and operate a secure, intelligent cloud edge, protecting them from a complex and evolving cyberthreat landscape.

About Oracle Data Cloud 
Oracle Data Cloud helps marketers use data to capture consumer attention and drive results. Used by 199 of the 200 largest advertisers, our Audience, Context and Measurement solutions extend across the top media platforms and a global footprint of more than 100 countries. We give marketers the data and tools needed for every stage of the marketing journey, from audience planning to pre-bid brand safety, contextual relevance, viewability confirmation, fraud protection, and ROI measurement. Oracle Data Cloud combines the leading technologies and talent from Oracle's acquisitions of AddThis, BlueKai, Crosswise, Datalogix, Grapeshot, and Moat.

About Oracle Cloud Infrastructure
Oracle Cloud Infrastructure is an enterprise Infrastructure as a Service (IaaS) platform. Companies of all sizes rely on Oracle Cloud to run enterprise and cloud native applications with mission-critical performance and core-to-edge security. By running both traditional and new workloads on a comprehensive cloud that includes compute, storage, networking, database, and containers, Oracle Cloud Infrastructure can dramatically increase operational efficiency and lower total cost of ownership. For more information, visit https://cloud.oracle.com/iaas

About Oracle
The Oracle Cloud offers a complete suite of integrated applications for Sales, Service, Marketing, Human Resources, Finance, Supply Chain and Manufacturing, plus Highly-Automated and Secure Generation 2 Infrastructure featuring the Oracle Autonomous Database. For more information about Oracle (NYSE: ORCL), please visit us at oracle.com.

Trademarks
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

1 All of the apps identified have recently generated fraudulent DrainerBot impressions identified by Moat Analytics. 

 

Cision View original content to download multimedia:http://www.prnewswire.com/news-releases/oracle-exposes-drainerbot-mobile-ad-fraud-operation-300798500.html

SOURCE Oracle


[ Back To TMCnet.com's Homepage ]