White Ops discovers a collection of Android apps that have installed a hidden browser to load malicious ads. Google has removed an unknown number of Android apps from the official Google Play Store that appear to have been part of a botnet ad scam.
This botnet called Terracotta was discovered by the security team Satori of White Ops, a security company that specializes in locating muzzle.
White Ops researchers say they have been tracking Terracotta since late 2019 when the botnet appeared to have been first released.
According to the researchers, Terracotta worked by uploading apps to the Google Play Store that promised users free products if they installed the apps on Appliances their.
Applications usually offer free shoes, boots and sometimes tickets, coupons and expensive dental treatments. Users were asked to install application and then wait two weeks to receive the free products, during which they had to leave the app installed on their smartphone.
However, the applications downloaded and ran a modified version of WebView, a weaker version of Google Chrome. Terracotta gang launches modified WebView browser without realizing it user and committed an ad scam by uploading ads and monetizing fake ad impressions.
The White Ops team described Terracotta as "a complex and huge bot". It was complicated because it used advanced techniques to avoid detection by fake networks advertisements and it was huge because of the scale at which it operated.
For example, White Ops said that in the last week of June alone, the Terracotta botnet "loaded" more than two billion ads in 65.000 infected smartphone.
Some Terracotta applications have been removed from Google Play
Currently, after Google's intervention, the presence of botnet in the Play Store has been reduced, but it has not been completely removed, with some devices appearing to be infected.
Some users may think that because Terracotta malware cheated ad networks rather than directly users, this botnet may not be a problem for them, but on infected devices, malicious applications often cause problems with the battery after running around the clock.
Unfortunately, White Ops has not released a list of applications that have been infected with Terracotta. However, the good news is that when Google removes malicious apps from the Play Store, it also disables malicious apps. applications on all users' devices, stopping their malicious behavior.