Fraudsters hide auto-playing videos in Android apps to illegally generate revenue
Malicious advertising network providers not developers blamed for battery-draining effects on Android devices
Advertising networks in Android apps are being hijacked by fraudsters who hide auto-playing videos behind ad banners to generate large swarms of revenue, developers have said.
It's well-known that webpages and apps can potentially be used to steal processor cycles to mine for cryptocurrencies, which drains battery power and mobile data, but according to a BuzzFeed report there's a similar scam for Android adverts,
This version uses power-hungry video adverts hidden behind traditional banner ads within Android apps. In the report, it suggests that app developers are not to blame despite an influx of complaints about their apps drain users' smartphone batteries and collect their data.
The scheme works with video ads that are hidden behind banner ads on apps that play automatically. No one can see them but they register as having been served and viewed. The legitimate ad developer will be paid for his content, but the fraudsters will generate much more because they'll stuff in as many of these rogue videos as possible.
Ultimately, it's the brands whose ads were shown in hidden video players that lose money to those running the scheme. An investigation pointed a finger at a company called OutStream, which is a subsidiary of a firm called Aniview, an Israeli company that runs video ad technology.
In correspondence with BuzzFeed, the company denied any involvement and instead said the platform, banner ads and code, which were created by one of its subsidiaries, were exploited by a malicious, unnamed third party.
"BuzzFeed brought to our attention that there is an abuse activity, as an immediate action, we stopped this activity and started and continue an internal incident review," said Aniview CEO Alon Carmel in an emailed statement.
"We notified and emphasised our clients that the use of our platform must be according to our policy and the IAB and TAG guidelines."
This type of fraud already has a name within the ad industry - in-banner video ads - and has apparently seen tens of millions of dollars worth of fraudulent video ads running a month.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now