![]() Interestingly, the apps didn’t really try to cover their tracks. Source: White Ops Threat Intelligence, November 2020 (click on any image in this post to enlarge)Īssistive Touch 2020 on the Google Play Store The app’s package name is a misspelled version of the official one, which is common to the apps in this operation.Ĭcd87882dff824165aded2cb6d0f8c2780471a0de1d1388f06ec13f08f0bf074 This app is a copy of a legitimate app, Assistive Touch. The first app we spotted that triggered out-of-context ads-Assistive Touch 2020-is examined below. The URL of the JSON differs from app to app, but the structure is very similar, indicating the frequency of the ads and the Publisher ID to be used. ![]() The apps’ behavior is controlled by a command-and-control JSON hosted on Dropbox ( Note: Dropbox is another victim, not a participant, in the Cop圜atz operation). The Satori team discovered that these apps contain code capable of displaying out-of-context ads under the package. All of the apps have been removed from the Play Store as of this writing. What’s really notable about the Cop圜atz apps is just how many of them there were: we found 164 apps that shared this particular approach, with more than 10 million downloads among them. The short version: we found a large number of apps on the Google Play Store that were mimicking notable apps to garner downloads, only to then trick the user into seeing a whole bunch of unexpected ads. It’s in that spirit that we named our latest Satori Threat Intelligence and Research investigation “ Cop圜atz”. The game usually came to an end when the copier got tricked into doing or saying something self-insulting or when they were tattled on to whomever was in charge. If you grew up with siblings, odds are you experienced some form of the classic kids’ aggravating “game” of copycat. Researchers: Gabi Cirlig, Michael Gethers, Lisa Gansky, Adam Sell
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |