1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers
Briefly

Researchers have uncovered a widespread fraud operation linked to several groups employing different versions of malware known as Badbox 2.0. Each group utilizes various distribution techniques, including preinstalled compromised apps and deceptive 'evil twin' apps in the Google Play Store. These nefarious tactics result in substantial ad fraud and malware distribution. The scale of this operation is immense, with estimates suggesting up to a million compromised devices online, indicating a serious ongoing threat in mobile cybersecurity.
Researchers from multiple firms report that the campaign appears to stem from a loosely connected ecosystem of fraud groups utilizing various methods to distribute malware and backdoors.
The scammers often create benign apps that gain approval on the Google Play Store but then deceive users into downloading malicious versions, referred to as 'evil twin' apps.
"The scale of the operation is huge," says Fyodor Yarochkin of Trend Micro, noting that there are "easily up to a million devices online" involved in this fraud.
Lindsay Kaye of Human emphasized the extensibility of the fraud modules, highlighting the possibility of future developments as attackers forge more relationships.
Read at WIRED