Zombie Apps are Plaguing Mobile Phones

One Malicious App Can Run 16,000 Ads in a Single Day

By Published on .

image Enlarge
This graph shows bandwidth usage, number of requests made and ads displayed without a user's knowledge.

Thousands of so-called zombie apps are infecting mobile phones, expending data usage and battery life at an alarming rate while costing advertisers nearly a billion dollars annually.

The applications often appear harmless, typically in the form of a game or a utility like a flashlight.

Once installed, the apps run constantly -- even if they are not opened by the user -- and continue to run in the background. In a single day, an app can consume two gigabytes of data, severely drain battery life and run more than 16,000 ads without the user's knowledge, according to a report published Thursday by Forensiq.

And unlike desktops, infected apps remain undetected by antivirus software, said David Sendroff, CEO of Forensiq.

"These apps are requesting permission to run on startup," Mr. Sendroff said. "Even if you reboot your phone that app would load in the background."

Global internet advertising is expected to surpass $68 billion in 2015. Infected apps detailed in Forensiq's report are expected to cost advertisers more than $857 million annually.

Over a 10 day span, more than 12 million unique devices had installed apps flagged for ad fraud, with a significant amount of infected phones coming from America, Europe and Asia, according to Forensiq's report.

"Waxing Eyebrows," for example, is an app that was tested in Forensiq's report and can be obtained through the Google Play store. It has more than 100,000 downloads and was flagged by Forensiq. "The people making these apps have ways to drive install," Mr. Sendroff said. "They can certainly monetize with a small user base."

Some of the malicious apps simulate random ad clicks that load an advertiser's landing page without the user's knowledge. And many of the apps were observed generating traffic through most major ad exchanges and networks, establishing 1,100 connections per minute and communicating with 320 ad networks per hour.

More than 5,000 mobile apps were flagged in the Forensiq study as applications committing ad fraud. The apps were flagged on both Android and iOS phones.

Coca-Cola, Microsoft and Mercedes were among a number of advertisers who have fallen victim to the infected apps, Mr. Sendroff said.

And while the advertisements are never seen, they simulate real user activity, displaying 700 ads an hour and defrauding advertisers every second, according to Mr. Sendroff. To put that number in perspective, a typical app will usually display an ad about every one or two minutes.

Malicious apps often request suspicious permissions, which include being able to prevent the device from sleeping, running at startup or accessing location services while running in the background, according to Forensiq's report.

Mr. Sendroff says that Forensiq uses real-time algorithms built to discover irregular traffic patterns, inconsistent with real user behavior, such as the ones generated by an app that would have been modified to continually load ads in the background.

Mike Zaneis, exec VP and general counsel for the Interactive Advertising Bureau, said the Forensiq report is "groundbreaking."

"It explores the impact in the mobile space when before the focus was on display advertising," Mr. Zaneis said. "This is the next frontier for criminals. As the money and ad dollars flow toward the mobile space, criminals are going to go there. They are following the money."

Mr. Zaneis added that fighting malware costs American consumers $2 billion annually. "The app world is more confined," he said. "It will take more money to develop effective solutions to combat this."

UPDATE: Google Suspends 'Zombie' Apps Following Forensiq Report

Most Popular