You are using an older browser version. Please use a supported version for the best MSN experience.

News: Top Stories

Is your phone always low on battery and chewing through data? The ‘DrainerBot’ fraud could be to blame.

The Washington Post logo The Washington Post 2/20/2019 Brian Fung
U.S. Vice President Mike Pence is seen on a mobile phone screen as he speaks outside Hotel Bayerischer Hof during Munich Security Conference in Munich, Germany February 16, 2019. REUTERS/Michael Dalder © Reuters U.S. Vice President Mike Pence is seen on a mobile phone screen as he speaks outside Hotel Bayerischer Hof during Munich Security Conference in Munich, Germany February 16, 2019. REUTERS/Michael Dalder

A sneaky piece of advertising software may be responsible for driving up millions of Android users’ mobile data usage and wasting their device’s battery life, according to researchers at the technology company Oracle. 

The code, which Oracle said Wednesday is at the heart of a massive ad fraud operation it’s calling “DrainerBot,” works by quietly downloading gigabytes of video ads to a consumer’s smartphone and then displays them — invisibly — to users of apps that have been infected by the bot.

The software affects hundreds of Android apps that have been downloaded collectively more than 10 million times, the researchers said.

Because the invisible advertisements rely on the phone’s mobile data connection and processing power, the bot can lead to more than 10 GBs of extra data usage per month, Oracle said, exposing some cellphone users to possible data overage fees.

In this Jan. 13, 2019, photo, a power bank is seen. (AP Photo/Bernat Armangue) © AP In this Jan. 13, 2019, photo, a power bank is seen. (AP Photo/Bernat Armangue)

Consumers aren’t the only ones potentially harmed by the bot, said Eric Roza, senior vice president at Oracle. The bot wastes marketers’ money by selling ads that nobody sees, and it tarnishes the app developers who were likely unaware of its existence, he said.

“This is a crime with three layers of victims," he said in an interview. “I hadn’t seen anything like this before." 

Oracle’s researchers first stumbled across DrainerBot last summer, when network analysts flagged a suspicious spike in data traffic from some Android devices. Soon the company traced the bot’s code to a Dutch firm that specializes in combating app piracy.

It is unclear whether the Dutch company, Tapcore, knew of the bot or if it was responsible for it. Tapcore’s main business aims to help app developers get paid, through advertising, when software pirates use their apps illegally. Tapcore didn’t respond to multiple requests for comment Wednesday morning.

In this Thursday, Feb. 14, 2019, photo, a Cambodian man watches his mobile phone as he takes photographs of sunset on the outskirts of Phnom Penh, Cambodia. (AP Photo/Heng Sinith) © AP In this Thursday, Feb. 14, 2019, photo, a Cambodian man watches his mobile phone as he takes photographs of sunset on the outskirts of Phnom Penh, Cambodia. (AP Photo/Heng Sinith)

Tapcore’s software is ordinarily integrated into other apps before they’re published, and only serves ads to users who acquired the apps illegitimately, according to its website. Downloading an app with Tapcore’s code in it from the Google Play Store, for example, is not supposed to trigger the advertising. (Google didn’t immediately respond to a request for comment.) Tapcore’s offer to advertisers does not appear to mention the ad bot.

But there is little reason to expect that app developers or app store operators would have detected DrainerBot during the normal development process, Oracle said. 

After lying dormant for a period of time within an infected app, the infected software kit distributed by Tapcore was programmed to reach out to a server and download additional code that ultimately activated DrainerBot. Oracle said the intentional delay likely made it harder to detect the plot. Oracle said it was notifying the public of the ad fraud operation to protect the value of legitimate advertising.

Ad industry groups are expected to brief marketers on DrainerBot later this week.

“We are delighted to work with Oracle to educate and inform TAG’s membership about this emerging threat,” said Mike Zaneis, chief executive of the Trustworthy Accountability Group, which is led by companies such as Disney, Google and Facebook.

AdChoices
AdChoices

More From The Washington Post

The Washington Post
The Washington Post
image beaconimage beaconimage beacon