In fact the only thing this oh-so-evil malware did was generate fake Google Ad clicks. Not really an offense against its users at all and it can be trivially uninstalled. I certainly wouldn't compare that to ransomware, DDoS botnets, search hijackers, etc that deeply nest themselves in your system and resist uninstallation so much that reinstalling the OS is often the suggested recovery option.
Lots of adware can be equally sticky because it keeps on loading new crap on the system if you just miss it in one place. Tbh the worst disaster system I've seen usually involved adware, sure it's not a total data loss but I'd guess it's far more widespread than ransomware.
And I'd consider any behavior that's not approved by the user as an offense against the user. After all, this stuff is taking up resources that otherwise wouldn't be used (traffic, memory, CPU cycles and as such battery).
I also consider having random ads pop up, with no way around them except clicking them, pretty offensive behavior towards the user.
This stuff might, for now, be rather easy to uninstall but nobody can guarantee that won't change in the future and infected phones end up in a similarly bad state to Windows systems with sticky adware infections.
I heard of something with Apple, somebody was able to change the checksum or something to an Apple app before it was submitted to a store and all the ad revenue went to that person. It was on a podcast I heard a few months ago.
But the permissions are still too wide. Things like giving apps access to all your contacts, as opposed to having the OS only provide one contact, after the user picks it from a list.
It seems to me like CheckPoint is fishing for internet points with this title.
Does that mean Chrome is malware, too?
It never bypassed the sandbox. I don't think you can call this malware.
If it went undetected for so long they must not have been at least somewhat conservative in their approach, so say 5mil DAU times 1 click a day at $0.25/click. So, million-ish dollars a day?
"Check Point estimated the firm was making millions from the ad clicks, in the region of $300,000 per month."
I imagine your price per click is over-estimated by a couple orders of magnitude, but that's just a guess.
[0] https://www.forbes.com/sites/thomasbrewster/2017/05/26/googl...
Google makes more than $25B/year in revenue so even with a 30/70 payout (30 percent to the fraudsters) maybe .001% of Google's ad revenue?
And that is why people do this stuff. Other than getting booted off the store nothing else will happen to these people who just made tens of millions of dollars.
I made a list of the apps with that namespace, preview here: https://mixrank.com/playstore/apps?expiration=2017-06-30&lis...
This list is a few times bigger than the ones mentioned in the article (been crawling for a long time, and try to be complete). If there are any security folks here that want access to the APKs for research, I'm happy to share (scott at mixrank).
The question is: would such an attack work on Apple devices? I'm assuming that the iOS API provides similar functionality to apps running on the device.
Heck, even if it was dripped out slowly, average % clickthrough - even on mobile where ads get fat fingered more often - is a tiny fraction of views. They would have been reporting some pretty crazy numbers.
No way in the world this wasn't easily spotted, when clickfraud is already a well known thing and Google are in the business of tracking things to sell more ads.
Are they really certain of this, or could it just be the work of someone who wants to "poison the well" of Google's ad network data collection?
It somehow reminds me of https://news.ycombinator.com/item?id=10611594 (Would CheckPoint also consider that malware?)
If these apps were indeed popular, I would imagine the historical APKs are available for the various versions on pirate sites. Simply performing a Google search for "Fashion Judy: Snow Queen style apk" shows downloads for different versions of it. This can give a better idea of the length of infection.