Oracle: Major ad scam 'DrainerBot' is rinsing Android users of their battery life and data

App piracy fighter Tapcore strenuously denies involvement

A major ad fraud operation could be sucking your phone of juice and using up more than 10GB of data a month by downloading hidden vids, Oracle has claimed.

The database vendor has dubbed the dodgy data slurper DrainerBot, and said it uses infected code on Android devices to deliver fraudulent, invisible video ads. Infected apps consume "significant bandwidth and battery", Big Red said.

The discovery was made by teams in two of Oracle's fairly recent acquisitions – ad-tracking biz Moat and internet infrastructure outfit Dyn – after they spotted significant increases in browsing activity from Android apps.

The firm reckons the DrainerBot code was distributed via an infected SDK integrated into "hundreds of popular consumer Android apps and games".

Infected apps – which have been removed from Google's Play Store – were said to include augmented reality beauty app Perfect365, Draw Clash of Clans for sketching characters from the game, music app Touch 'n' Beat – Cinema, and VertexClub. Oracle said they had collectively been downloaded by users more than 10 million times.

Once an app has been downloaded, a code update brings new functions and this triggers the fraudulent ad videos. These ads don't appear onscreen – so users will be unaware of the scam – but Oracle said they will slow down other sites loading, consume more than 10GB of data a month and can easily drain a charged battery. Moreover, the firm said the ads can still be running even if the app isn't in use or is in sleep mode.

Meanwhile, the app is driving fake ad impressions, as it reports back to the ad network that each video advertisement has appeared on a legitimate publisher site – sites Oracle said are, in fact, spoofed.

Ad fraud isn't new, but Oracle said that this particular type of behaviour could be unique because of the impact it had on mobile users, as well as on advertisers and publishers.

"DrainerBot is one of the first major ad fraud operations to cause clear and direct financial harm to consumers," said Eric Roza, senior veep of Oracle Data Cloud. "DrainerBot-infected apps can cost users hundreds of dollars in unnecessary data charges while wasting their batteries and slowing their devices."

Oracle said the SDK "appeared" to have been distributed by Dutch firm Tapcore – significant because of the company's purported involvement in detecting and tackling ad fraud.

The firm, founded in 2015, allows app developers to detect pirated installations of their apps, and then displays targeted ads to the pirated user – giving the app developers the chance to earn cash from ad impressions.

The Tapcore code is, according to its site, incorporated into some 3,000 apps – but ads are only supposed to be shown to users if they have downloaded a pirated copy of the app.

In response to Oracle's claims, it issued a strong denial of its involvement, saying it was "extremely surprised and alarmed by the allegations and attempt to connect the company" with DrainerBot.

"At the moment of first hearing about the DrainerBot ad fraud scheme, Tapcore began immediate internal investigation to see whether any such code was ever distributed through its network without its knowledge," the Dutch firm said in a statement.

"The company is ready to cooperate with all interested parties and provide all results on its findings. Openness and transparency is paramount in the mobile advertising industry, and Tapcore is prepared to share all data and results."

The DrainerBot reveal follows a major ad fraud operation known as 3ve, which was uncovered last year. At its peak the scam was said to have used 1.7 million hijacked devices to generate fake ad clicks.

We've asked Google for comment. ®

Biting the hand that feeds IT © 1998–2021