Meet DrainerBot, the Ad-Fraud Operation That Could Be Stealing Your Mobile Data

Dubbed “DrainerBot”, the menace is distributed via software embedded in millions of consumer apps that (once downloaded) can surreptitiously download hidden and unseen video ads, costing both advertisers and consumers alike.

“DrainerBot-infected apps can cost users hundreds of dollars in unnecessary data charges while wasting their batteries and slowing their devices,” Eric Roza, svp and general manager of Oracle Data Cloud, said in a statement.

Per Oracle, the DrainerBot code appears to have been distributed via infected software integrated into hundreds of popular consumer Android apps, such as Draw Clash of Clans and Solitaire: 4 Seasons, that deliver fraudulent, invisible video ads to the device. The infected apps then report back to the ad network that each video advertisement has appeared on a legitimate publisher site, but the sites are spoofed, not real.

Oracle claims its Dyn and Moat offerings discovered DrainerBot and even went as far as to allege that Netherlands-based Tapcore is the party responsible for distributing the offending SDK (read more here). Tapcore claims it helps software developers monetize stolen or pirated installs of its apps by delivering ads through unauthorized installs, although fraudulent ad activity also takes place after valid app installs. The company has yet to respond to press requests, including Adweek’s, for comment on Oracle’s allegations.

Mike Zaneis, CEO of the Trustworthy Accountability Group, said, “These types of fraud operations cross all four of TAG’s programmatic pillars, including fraud, piracy, malware and transparency, and preventing such operations will require unprecedented cross-industry collaboration.”

Ad fraud, a $19 billion dollar a year scourge, costs the industry $50 million per day. Zaneis worked with the Department of Justice late last year in taking down a ring of foreign nationals running a digital advertising-fraud scheme worth more than $30 million. And while many argue that the role of ad tech has only amplified the bad actors, the industry is working with law enforcement to take action. The challenge, however, will be how to approach the ad-fraud Whack-A-Mole across platforms and devices, as both continue to grow, providing ample opportunity for fraud to take place.

Kyle York, vp of product strategy, Oracle Cloud Infrastructure, noted that mobile devices are a prime target for fraudulent operations because of the complex nature of the in-app mobile advertising ecosystem. The discovery of the DrainerBot operation highlights the benefit of taking a multipronged approach to identifying digital ad fraud by combining multiple cloud technologies, he added.

“Bottom line is both individuals and organizations need to pay close attention to what applications are running on their devices and who wrote them,” York said.