HUMAN discovers and disrupts ad fraud, affecting 89 apps with 13 million downloads

A modern defense approach can disrupt a continuing attack with fresh modifications targeted to target codes and spoofing.

BUSINESS WIRE / NEW YORK / A highly sophisticated fraud operation targeting advertising software development kits (SDKs) within nine apps on the Apple App Store and 80 Android apps on the Google Play Store, which have been downloaded a combined total of over 13 million times, has been discovered and disrupted, according to HUMAN Security, Inc. (formerly White Ops). Scylla is the moniker given to an assault variant of a fraud scheme that was discovered and stopped in 2019 by HUMAN's Satori Threat Intelligence and Research Team. The Satori team is still keeping a close eye on the attack, but in the meanwhile, HUMAN has worked with Apple, Google, and others to remove the malicious apps from their app stores.

When it comes to undermining the economics of cybercrime, "we will continue to remain attentive for additional similar assaults and harness the work of collective protection," where an attack on one is a protection event for all. And that's the only way to guarantee victory.

Our top priority is protecting our consumers and the digital ecosystem from hackers like those behind these assaults. Tamer Hassan, co-founder and CEO of HUMAN, argued that the best way to combat threats like Scylla was through a current defensive system that allowed companies to collaborate across sectors. The economics of cybercrime will be disrupted by our efforts to be watchful against similar attacks and to utilize collective protection, in which an attack on one is a protection event for all. There's no other way for us to come out on top.

Scylla is the third iteration of an operation initially discovered by HUMAN in 2019 in which forty or more Android apps brazenly performed various forms of ad fraud. The Poseidon scam was interrupted by the Satori team's reverse engineering efforts, leading to the removal of the apps from the Google Play Store. Charybdis, the daughter of Poseidon, inspired the name of a 2020 update to the scheme that added code obfuscation and SDK-specific targeting.

The disclosure of Scylla's disruption today, named after Poseidon's granddaughter, shows that the threat players behind the plan have evolved in new directions. Unlike the Poseidon and Charybdis operations, which focused solely on Android apps, the Satori group has discovered evidence that Scylla also targets iOS apps and has expanded the attack to other sectors of the digital advertising ecosystem.

All apps linked to the Scylla operation were withdrawn from public access after the HUMAN Satori team collaborated with the Google Play Store and the Apple App Store. To lessen the blow to their systems and the systems of their advertising partners, HUMAN worked closely with developers of affected advertising SDKs. To safeguard their customers against the fraud that Scylla and its ancestors are known to commit, HUMAN has developed the MediGuard solution.

Scylla operation applications engaged in a wide variety of fraudulent activities, including but not limited to:

Scylla apps engaged in app spoofing, in which they pretended to be other apps for digital advertising; hidden ads, in which they rendered advertisements in locations where users would never expect to see them; and fake clicks, in which they tracked users' actual interaction with ads to generate the appearance of additional clicks.

This strategy, together with the obfuscation methods used in the Charybdis operation, shows the growing skill of the threat actors responsible for Scylla. Users should review the report's enumerated apps and seriously consider eradicating them from all of their devices because this is a continuing attack. Since this attack has already undergone several iterations, the Satori team is withholding some information to monitor and report on any future changes.

More than 15 trillion digital interactions are verified weekly by HUMAN, providing businesses with unparalleled visibility into online fraud with this platform. HUMAN can grow to such a large size thanks to its continuing investment in cybersecurity and recent merger with PerimeterX, which has allowed it to develop a suite of products to safeguard the whole digital consumer journey. Human's ability to continuously adapt, stay ahead of adversaries with modern defense (leveraging internet visibility, network effect, and disruptions), and protect clients with collective protection against threat models they have yet to encounter is made possible by the growing number of partners and enterprises using the Human Defense Platform.

The Satori group successfully employed various methods to identify Scylla and its operators, and they have since provided that information to the appropriate authorities. Follow the HUMAN blog to find out more about the Scylla operation.

In Human Terms

Protecting over 500 customers from sophisticated bots, fraud, and account misuse, HUMAN is a leader in the cybersecurity industry. We employ modern defense strategies like internet visibility, network effect, and interruptions to help our customers maximize return on investment (ROI) and trust while minimizing end-user friction, data contamination, and cybersecurity exposure. We are now in a position to triumph over hackers because we verify the humanity of over 15 trillion interactions per week across advertising, marketing, e-commerce, government, education, and enterprise security. Use HUMAN to keep your online company safe.