Android Phones Hijacked For Ad Scam

John Lister's picture

Nearly 30 Android and Roku apps hijacked phones to defraud advertisers. Although users never saw the ads, they may have noticed increased data use and slowed performance.

The scammers used the apps distributed in the official Google Play store to build up a network of almost a million compromised Android devices. The "PARETO" botnet then used the phones to issue bogus requests to advertisers while making the devices appear to be Smart TV sets. That was particularly appealing to advertisers because of the belief viewers are more likely to pay attention to an ad on a TV screen than on a phone.

Although the ads were never delivered in a way that would be viewable by the phone owner, the scammers still claimed credit from the advertisers and fraudulently received payments.

This is also known as click fraud where affiliates earn commissions on fake clicks, but is also used to deplete advertisers ad budgets. In the latter case, the ad competition diminishes which results in a lower cost-per-click per advertisement as competitors joust for the first ad position (which typically receives the most clicks).

Mobile Data Disappears

While this might not seem a problem for phone users, each compromised device made an average of almost 650 million bogus ad requests each day. This not only results in slowed down phone performance, but also results in drained batteries while heating up devices. For users on mobile data networks, it could mean running through monthly data allowances inexplicably quickly. (Source:

Security firm Human, which uncovered the scam, says the following Android apps were used for the scam:

  • Any Light
  • Bump Challenge - MultiSport
  • Carpet Clean
  • 3D Flash Light
  • Hole Ball
  • King Light Torch SOS
  • Mobile Screen Recorder
  • Save The Balloons
  • Sling Puck 3D Challenge

Apps Weren't Suspicious

As is often the case, the apps were generally either games or single-function apps such as those which use the phone's camera flash as a torch. Generally such apps work advertised; it's just that users don't know their real purpose.

Human's analysis suggests users would likely have had little reason to realize the apps housed malware. The underlying code would raise alarms among technical experts as, despite being advertised as not including apps, the code referred to connecting to ad-related URLs. It's not clear if or how Google should have spotted this code before allowing the apps into the official store. (Source:

What's Your Opinion?

How do you vet apps before installing them? Do you trust official stores such as Google Play to weed out most rogue apps? Have you ever spotted unexplained increased data use or battery drain after installing an app?

Rate this article: 
Average: 5 (5 votes)


buzzallnight's picture

Our government, military, electric utilities and the medical industry
use cell phones and computers
that we basically have NO control over
AT ALL!!!!!!!!!!!!

and chumps that really don't know anything about software
make and sell operating systems and cell phones.....
and these products are so flawed that it isn't really possible to fix them....

This is going to go really really bad some day......
literally back to the dark ages in a flash!!!!!!!!!

I just hope I am not around anymore to see it happen.......

buzzallnight's picture

In an attempt to extort some unknown amount of money out of the D.C. Metropolitan Police Department, hackers with the Babuk ransomware gang have leaked large amounts of data on five of the department’s officers.

Because the producers of software want to do on line licencing
they want to track you and sell you stuff

and in order to do these things
security is thrown out the window......

and there really is no downside for them for selling shoddy products.....

Doccus's picture

Re the previous comment.. actually.. it's *not* that easy to corrupt code.. Actually most code is well written.. it's just not *efficient*, which means there's a whole lot of unneccessary code inside there, that malware writers can hide their code in.
And these guys are smart.. often as smart as , say, Woz, or some of the best writers in the top sodtware companies in the world.. they just choose to be crooks instead of legit coders, for whatever reason. They know how to hide their code in these apps so it's not immediately obvious.
However, I believe the best defense against that kind of threat is efficient coding, instead of the bloat that typically accompanies modern software, and *especially* mobile apps.
I mean, what kind of justification can there be for a 50 Mb app that is, essentially , a web link to a company page or product?
That's my "2 bytes", anyways…

buzzallnight's picture

It is way to easy to corrupt code
and some of it is so shoddy you don't even have to corrupt it
you find the flaws that are already there.....

Ummm the people that write the code should be the people that know the most about it,

Obviously efficient coding would be good for many reasons.

ron_weiskopf's picture

I never downloaded any of the listed apps, but is there any way to test if it is happening? My phone has been running hot lately and has been losing battery power faster than it used to.