PreAmo adware affects 90 million Android devices in new ad-fraud campaign
- Six fake apps claiming to boost the functionalities of smartphones are being used to distribute adware named ‘PreAmo’.
- The campaign is used to make money out of three ad agencies, namely Presage, Admob and Mopub.
A fraudulent ad-clicking campaign has been found infecting 90 million Android mobiles worldwide to generate revenues. Six fake apps claiming to boost the performance of smartphones are being used to distribute adware named ‘PreAmo’. These apps have recorded to have a total of 90 million installations worldwide.
What’s the purpose - According to researchers at Check Point, the campaign is used to make money out of three ad agencies, namely Presage, Admob and Mopub.
What are the six fake apps - The six fraudulent packages that are pushed in the form of apps are:
- com.pic.mycamera – 57 million installations
- com.omni.cleaner – 48 million installations
- com.speedbooster.optimizer – 24 million installations
- com.rambooster.totalcleaner – 15 million installations
- com.cooler.smartcooler – 12 million installations
- com.flashlight.torch.screenlight.party – 3.4 million installations
What’s new about ‘PreAmo’ - PreAmo features three unique code snippets that deal with the three ad agencies. Although the malware is not connected in terms of code, it was discovered that these three code snippets use the same res.mnexuscdn[.]com C2 server to send statistics and receive configuration.
Apart from this, the three code snippets work in a similar manner:
- They register a listener on a banner being loaded by the ad network;
- Once the banner is loaded, ‘PreAmo’ uses the functionality of Android’s framework class ‘MotionEvent’ to imitate a click.
How to stay safe - In order to avoid falling victim to such fraudulent ad campaigns, users should
- Install applications from the official app store;
- Always check the rating, comments and download count of an application before installing;
- Install a security solution from a well-known vendor;
- Always check links before sharing personal information.