While we hear a lot about Android apps posing as malware and adware, it’s rare for fraudulent iOS apps to sneak through Apple’s security and curation. However, security researcher HUMAN’s Satori Threat Intelligence & Research team has uncovered 10 such iPhone apps that “commit several different flavors of advertising fraud” when installed.
In a lengthy blog post about the Charybdis and Scylla operations, researchers found that numerous apps, of which more than 10 were on iOS and some 75 are on Android, “contained code that pretended to be other, legitimate games for advertising purposes, helping to keep their operation quiet.” The apps in question used code obfuscation to generate fake clicks and fraudulent ads on hidden screens that are “loaded with ads, tricking advertisers into paying for fake impressions to an audience that is never there.”
The apps uncovered by the researchers are all knock-offs of popular games and have since been removed from the App Store:
- Loot the Castle
- Ninja Critical Hit
- Racing Legend 3D
- Rope Runner
- Run Bridge
- Shinning Gun
- Tony Runs
- Wood Sculptor
The researchers didn’t uncover any security risk but background processes and transmission could have an impact on performance and battery life. Additionally, the teams warns that the developers “may update the apps to change how they work, so removing the apps is your best bet.”
There are various ways to delete an app, the simplest is to locate it in Settings:
- Go to Settings.
- Navigate to General > iPhone Storage (or iPad Storage).
- Look through your list of apps (which are sorted with the ones taking up the most space at the top).
- To get rid of an app, tap it then select Delete App on the next page.