
Over 100 apps found to serve unwanted ads using ‘Soraka’ SDK

More than 100 Android applications that were downloaded over 4.6 million times via the Google Play Store were found to contain malicious code that delivers unwanted, out-of-context (OOC) advertisements to users.

The code, a software development kit called Soraka, typically delivers its first OOC ad just after a device is unlocked, according to a new blog post from researchers at White Ops, who discovered the threat. If the user clicks the home button to minimize this ad, a second unwanted ad appears. A third OOC ad soon follows as additional actions are taken.

In order to perpetrate its ad fraud activity, Soraka "first removes a background notification services that stops ad fraud activity when the phone screen is off," a White Ops company blog post states. "There is also code initiating fraud activity only while the device screen is on and the host app is not on top," the report continues.
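The behavior described above (ads that appear right after an unlock or a home-button press, while the host app is not on top) can be checked for in a device event timeline. The following Python sketch is an added example, not code from White Ops or from the SDK; the log format, event names and package names are constructed assumptions, and it assumes a FOREGROUND event is logged whenever an app's own screen comes to the top.

```python
from collections import defaultdict

# Constructed timeline (not real device output): "<seconds> <EVENT> [package]"
SAMPLE_LOG = """\
0 UNLOCK
1 AD_SHOWN com.example.fortune
4 HOME
5 AD_SHOWN com.example.fortune
30 FOREGROUND com.example.game
42 AD_SHOWN com.example.game
60 SCREEN_OFF
75 UNLOCK
76 AD_SHOWN com.example.fortune
90 FOREGROUND com.example.fortune
95 AD_SHOWN com.example.fortune
"""

TRIGGERS = {"UNLOCK", "HOME"}  # user actions the article says precede OOC ads


def find_ooc_ads(log, window=3):
    """Return {package: [(time, trigger_or_None), ...]} for every ad shown
    by a package that was not the foreground app at that moment."""
    foreground = None    # package on top; None means launcher or lock screen
    last_trigger = None  # (time, event) of the latest UNLOCK/HOME
    hits = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # skip blank or malformed lines
        ts, event = int(parts[0]), parts[1]
        pkg = parts[2] if len(parts) > 2 else None
        if event in TRIGGERS or event == "SCREEN_OFF":
            foreground = None  # no app is on top after these events
            if event in TRIGGERS:
                last_trigger = (ts, event)
        elif event == "FOREGROUND":
            foreground = pkg
        elif event == "AD_SHOWN" and pkg != foreground:
            # Out of context: attribute it to a trigger if one is recent enough
            recent = last_trigger and ts - last_trigger[0] <= window
            hits[pkg].append((ts, last_trigger[1] if recent else None))
    return dict(hits)


if __name__ == "__main__":
    for pkg, ads in find_ooc_ads(SAMPLE_LOG).items():
        print(pkg, ads)
```

In the constructed timeline, the in-app ads at 42 and 95 seconds are not flagged because the package showing them is the foreground app at that time.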

Soraka, which in some cases is accompanied by a similar variant called Sogo, was observed in programs that included various sleep/bedtime assistance and alarm apps, puzzle and brainteaser apps, prank apps, file manager apps and more. In its blog post, White Ops highlighted the Best Fortune Explorer App, which offers to make predictions on users' futures. Published by JavierGentry80, the app was released last September and has been downloaded more than 170,000 times.

According to White Ops, Soraka leverages the "AppsFlyer" mobile attribution and marketing analytics framework, and will only deliver the OOC ads if the framework determines that the app was installed as the direct result of a promotional effort on the part of the fraud actors. Soraka checks filters such as "Screen On," "Top Activity," "Interval Since Installation" and "Ad Network Daily Count Limit" in order to find devices that are best suited for fraud, while avoiding detection "from automated analysis and other services that would install the app ad-hoc and then, most likely, be considered as organic by AppsFlyer," the blog post continues.

White Ops did not indicate if Google was privately notified of the ad fraud apps or if the programs were removed from the Google Play Store. SC Media has reached out to both Google and White Ops for additional details.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
