Study: Mobile Device Hijacking Ad Fraud Tactic Threatens Mobile Ad Ecosystem
The threat to advertisers continues to increase with the pervasive use of known fraud tactics including device emulation, mobile user agent spoofing, mobile location spoofing, and user acquisition fraud.
As the mobile market has evolved to become a viable and valuable digital advertising channel, we are seeing an increase in nefarious tactics employed by malicious actors. The threat to advertisers continues to increase with the pervasive use of known fraud tactics including device emulation, mobile user agent spoofing, mobile location spoofing, and user acquisition fraud. In addition, the emergence of new fraud tactics not only serves to impair advertiser ROI but also impacts the consumer segment.
Forensiq has discovered a new type of ad fraud called mobile device hijacking, a tactic used by mobile applications to steal revenue by rapidly loading hidden ads and emulating human behavior, drawing many parallels to traditional botnets. However, mobile device hijacking differs in a fundamental way.
While most desktop malware is installed unintentionally via deceitful techniques, most mobile apps are installed intentionally. Consumers trust what they are getting: mobile apps exist in an official app store, may receive many positive reviews, and provide entertainment or utility. What we found is that apps can also serve an illicit purpose, harming both advertisers and consumers.
In this study, we share the characteristics of this emerging threat to the advertising ecosystem, as well as our methodology and findings.