A Canadian cybersecurity firm has released a report that accuses a Russian mobile app company of million dollar fraud via MoPub, a Twitter-owned advertising marketplace. Researchers at the advertising security firm Sentrant uncovered the scam Monday that alleges Academ Media, a mobile entertainment company, infected over 200 apps in the Google Play Store to load “invisible” ads in the background amounting to roughly $250,000 in revenue per day.
Twitter and MoPub have declined to comment. Academ Media has denied the allegations and refuted Sentrant’s report and The Financial Times’ coverage in a press release:
In the beginning of 2015 our company’s servers containing:
source codes and the art of mobile applications;
signature certificate for Google Play applications;
account passwords of Google Play developers;
have been hacked, presumably from China. The fact of the data leakage was detected on the 13th March 2015.
Sentrant’s report claims the scam involves over 20 shell companies, 247 apps, and affects over 500,000 installs on Android mobile devices.
“In addition to compromised apps, the fraudsters have inserted their ad code into a version of the MoPub software development kit (SDK), which they are integrating into these compromised apps,” reported Sentrant. The estimated $250,000 in revenue per day comes from companies who are paying for advertising that consumers never see.
“This is as bad as any financial crime going on worldwide,” Chief Executive of Sentrant Allen Dillon told the Financial Times. “It’s going to cost the consumer at the end of the day, because someone has to pay for the losses.”
Academ Media stands behind the fact that after the breach, Google Play removed its apps from the store. However, Sentrant’s report suggests the company’s new apps released since the hack are infected with a fraudulent code even “stealthier” than before. The new code was reportedly designed to target MoPub specifically. MoPub’s marketplace connects advertisers to more than 30,000 apps and takes a percentage from each transaction made. Academ Media’s alleged malicious code was able to simulate views and generate fake clicks unnoticed by hiding within customized MoPub SDK, according to Sentrant’s report.
The Financial Times reports Academ Media’s head of business relations Tim Prokhorov insists the new apps must have been infiltrated by the hackers who had access to the previous stolen code.
The International Business Times UK has confirmed all suspicious apps have been removed from the Google Play Store. However, Sentrant co-founder Hadi Shiravi reminds users that if you already have an infected app installed you’ll have to manually remove it yourself.
Google responded to the Sentrant’s report in a statement: "While we don't comment on specific apps, we can confirm that our Google Play policies are designed to provide a great experience for users and developers. That's why we remove apps from Google Play that violate those policies."
We will continue to update this story as it develops.
