Dive Brief:
- Google eliminated more than 40 mobile applications from its Play store after security experts found malware hidden in apps that forced users to click on ads. Researchers at Check Point Software Technologies identified the auto-clicking adware, dubbed “Judy,” after it was downloaded as many as 36.5 million times, according to a blog post by Check Point.
- The malicious apps were developed by Kiniwini, a South Korean company that's registered on Google Play as Enistudio, Check Point said. The rogue code was secretly added to the apps after being installed on a mobile phone, making it undetectable to Google’s Bouncer technology that polices its store for adware.
- Check Point estimated that the malware possibly made as much as $300,000 a month for the developer, which started publishing games with titles like “Fashion Judy” and “Chef Judy” in April 2016.
Dive Insight:
The “Judy” malware demonstrates the growing sophistication of the perpetrators of click fraud, which will cost advertisers about $16.7 billion this year, according to a March study by The&Partnership, m/SIX and Adloox. The scale of the fraud means that about 20% of digital ad spend is lining the pockets of malware developers, the study found.
While Google tries to prevent adware downloads from its Play store, Judy was able to bypass those protections with software that loaded onto user phones after the initial download. Even more worrisome, the malware went undetected for more than a year and was detected only after it started generating millions of clicks.
Gaming apps are the most prone to fraud, according to a February study from ClicksMob, a mobile app marketing agency based in New York. Mobile gaming is an appealing target for fraud because its high engagement means that users are more likely to see ads, the firm said. ClicksMob also found a correlation between advertising spend and the volume of fraudulent traffic. Logically, advertisers tend to spend more during the weekend when consumers are more likely to use gaming and entertainment apps, and fraudsters have caught on to the trend. Fridays drew the most fraudulent ad attempts at 18% while Mondays drew the fewest at 12%.
Digital fraud overall is a continuous concern for marketers, as it cost advertisers more than $5 billion in 2015, according to IAB and fraud investigation firm EY.