Cybersecurity researchers have unveiled a significant ad fraud campaign involving 180 malicious apps on the Google Play Store, collectively downloaded over 56 million times. Known as 'Vapor,' this operation served intrusive full-screen ads and initiated phishing attempts for credentials and payment information. The threat actors used a distribution method through multiple developer accounts, employing a tactic called versioning to bypass Google's vetting process. Users were lured into installing these seemingly legitimate applications, which ultimately rendered devices inoperable due to hijacked screens.
The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks.
Fraudsters behind the Vapor operation have created multiple developer accounts, each hosting only a handful of apps to distribute their operation and evade detection.
This distributed setup ensures that the takedown of any single account would have minimal impact on the overall operation.
Another important aspect is that the threat actors have been found employing a sneaky technique called versioning, which involves publishing a functional app sans any malicious functionality.
Collection
[
|
...
]