'Evil Twin' Apps Spread for Multiple Fraud Schemes
July 17, 2024, 12:29 p.m.
Description
HUMAN's Satori Threat Intelligence and Research team recently uncovered a massive ad fraud operation dubbed Konfety, involving threat actors operating 'evil twin' versions of 'decoy twin' apps available on major app marketplaces. The decoy twins on official stores behave normally, while the evil twins conduct ad fraud, install browser extensions, monitor web searches, and sideload malicious code onto devices by abusing an ad SDK called CaramelAds. This novel obfuscation method makes the fraudulent traffic appear legitimate.
Tags
Date
- Created: July 17, 2024, 10:52 a.m.
- Published: July 17, 2024, 10:52 a.m.
- Modified: July 17, 2024, 12:29 p.m.
Attack Patterns
- Konfety