Mobile ad fraud operation Scylla, which involved 89 mobile applications with 13 million total downloads, has been identified and disrupted by cybersecurity provider Human, reports SecurityWeek.
Eighty Android and nine iOS apps were part of the campaign, which was the third iteration of the Poseidon operation, with the apps found to have obfuscated code resembling those of the campaign's predecessor Charybdis.
Researchers at Human also discovered that some of the malicious apps impersonated other apps when appearing before ad tech firms and advertisers, with 29 Android apps discovered to pose as more than 6,000 CTV-based apps. Some apps were also identified to have falsely claimed to show ads to users, while others enabled the registration of real ad click-related information, which were then sent as fake clicks to advertisers.
"These tactics, combined with the obfuscation techniques first observed in the Charybdis operation, demonstrate the increased sophistication of the threat actors behind Scylla," said Human. All of the apps have already been removed from the Google Play store and Apple's App Store.