Oracle Exposes “DrainerBot” Mobile Ad Fraud Operation

Top 20 Articles for vSphere,January 19
February 21, 2019
COFCO International selects IBM Services for global digital transformation
February 21, 2019
Top 20 Articles for vSphere,January 19
February 21, 2019
COFCO International selects IBM Services for global digital transformation
February 21, 2019

Press Release

Oracle Exposes “DrainerBot” Mobile Ad Fraud Operation

Millions of Consumer Devices May Be Infected; Apps Can Drain 10GB Data/Month; Joint Work of Teams from Oracle’s Moat and Dyn Acquisitions Led to Discovery

Redwood City, CA—Feb 20, 2019



Oracle today announced the discovery of and mitigation steps for “DrainerBot,” a major mobile ad fraud operation distributed through millions of downloads of infected consumer apps. Infected apps can consume more than 10GB of data per month downloading hidden and unseen video ads, potentially costing each device owner a hundred dollars per year or more in data overage charges.

DrainerBot was uncovered through the joint efforts of Oracle technology teams from its Moat and Dyn acquisitions. Now part of the Oracle Data Cloud, Moat offers viewability, invalid traffic (IVT), and brand safety solutions, while Dyn enables DNS and security capabilities as part of Oracle Cloud Infrastructure.

The DrainerBot code appears to have been distributed via an infected SDK integrated into hundreds of popular consumer Android apps and games[1] like “Perfect365,” “VertexClub,” “Draw Clash of Clans,” “Touch ‘n’ Beat – Cinema,” and “Solitaire: 4 Seasons (Full).” Apps with active DrainerBot infections appear to have been downloaded by consumers more than 10 million times, according to public download counts.

Information About DrainerBot

  • DrainerBot is an app-based fraud operation that uses infected code on Android devices to deliver fraudulent, invisible video ads to the device.
  • The infected app reports back to the ad network that each video advertisement has appeared on a legitimate publisher site, but the sites are spoofed, not real.
  • The fraudulent video ads do not appear onscreen in the apps (which generally lack web browsers or video players) and are never seen by users.
  • Infected apps consume significant bandwidth and battery, with tests and public reports indicating an app can consume more than 10 GB/month of data or quickly drain a charged battery, even if the infected app is not in use or in sleep mode.
  • The SDK being used in the affected apps appears to have been distributed by Tapcore, a company in the Netherlands.
  • Tapcore claims to help software developers monetize stolen or pirated installs of their apps by delivering ads through unauthorized installs, although fraudulent ad activity also takes place after valid app installs.
  • On its website, Tapcore claims to be serving more than 150 million ad requests daily and says its SDK has been incorporated into more than 3,000 apps.

 

Supporting Quotes

“Mobile app fraud is a fast-growing threat that touches every stakeholder in the supply chain, from advertisers and their agencies to app developers, ad networks, publishers, and, increasingly, consumers themselves,” said Mike Zaneis, CEO of the Trustworthy Accountability Group (TAG). “These types of fraud operations cross all four of TAG’s programmatic pillars, including fraud, piracy, malware, and transparency, and preventing such operations will require unprecedented cross-industry collaboration. As the ad industry’s leading information-sharing body, we are delighted to work with Oracle to educate and inform TAG’s membership about this emerging threat.”

“DrainerBot is one of the first major ad fraud operations to cause clear and direct financial harm to consumers,” said Eric Roza, SVP and GM of Oracle Data Cloud. “DrainerBot-infected apps can cost users hundreds of dollars in unnecessary data charges while wasting their batteries and slowing their devices. We look forward to working with companies across the digital advertising ecosystem to identify, expose, and prevent this and other emerging types of ad fraud.”

“Mobile devices are a prime target with a number of potential infection vectors, which are growing increasingly complicated, interconnected, and global in nature,” said Kyle York, VP of product strategy, Oracle Cloud Infrastructure. “The discovery of the DrainerBot operation highlights the benefit of taking a multi-pronged approach to identifying digital ad fraud by combining multiple cloud technologies. Bottom line is both individuals and organizations need to pay close attention to what applications are running on their devices and who wrote them.”

Resources

Detailed information and mitigation resources for DrainerBot can be found at info.moat.com/drainerbot, including:

  • Information and advice for consumers on identifying potentially-infected apps on their devices, as well as general device security tips;
  • Access to a list of app IDs that have shown DrainerBot activity; (Note: Not all apps listed may currently be infected)
  • Access to the DrainerBot SDK, as well as related documentation;
  • Access to sample infected APKs for use by antivirus and security providers to identify and mitigate the DrainerBot threat.

 

Oracle Data Cloud’s Moat Analytics helps top advertisers and publishers measure and drive attention across trillions of ad impressions and content views, so they can avoid invalid traffic (IVT), improve viewability, and better protect their media spend. Among those solutions, Pre-Bid by Moat helps marketers identify and utilize ad inventory that meets their high standards for IVT, third-party viewability, and brand safety.

Oracle Cloud Infrastructure edge services (formerly Dyn) offer managed Web Application Security, DNS, and Internet Intelligence services that help companies build and operate a secure, intelligent cloud edge, protecting them from a complex and evolving cyberthreat landscape.

[1] All of the apps identified have recently generated fraudulent DrainerBot impressions identified by Moat Analytics.


Contact Info
Shasta Smith
Oracle
+1.503.560.0756
[email protected]

About Oracle Data Cloud

Oracle Data Cloud helps marketers use data to capture consumer attention and drive results. Used by 199 of the 200 largest advertisers, our Audience, Context and Measurement solutions extend across the top media platforms and a global footprint of more than 100 countries. We give marketers the data and tools needed for every stage of the marketing journey, from audience planning to pre-bid brand safety, contextual relevance, viewability confirmation, fraud protection, and ROI measurement. Oracle Data Cloud combines the leading technologies and talent from Oracle’s acquisitions of AddThis, BlueKai, Crosswise, Datalogix, Grapeshot, and Moat.

About Oracle Cloud Infrastructure

Oracle Cloud Infrastructure is an enterprise Infrastructure as a Service (IaaS) platform. Companies of all sizes rely on Oracle Cloud to run enterprise and cloud native applications with mission-critical performance and core-to-edge security. By running both traditional and new workloads on a comprehensive cloud that includes compute, storage, networking, database, and containers, Oracle Cloud Infrastructure can dramatically increase operational efficiency and lower total cost of ownership. For more information, visit https://cloud.oracle.com/iaas.

About Oracle

The Oracle Cloud offers a complete suite of integrated applications for Sales, Service, Marketing, Human Resources, Finance, Supply Chain and Manufacturing, plus Highly-Automated and Secure Generation 2 Infrastructure featuring the Oracle Autonomous Database. For more information about Oracle (NYSE: ORCL), please visit us at www.oracle.com.

Trademarks

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.


Talk to a Press Contact

Shasta Smith

  • +1.503.560.0756

Comments are closed.