Malicious mobile apps: Spoofed and hidden APKs

As companies continue to pour millions of dollars into digital advertising, ad fraud remains a significant issue for marketing departments. One of the trends in ad fraud is the emergence of hidden and spoofed APKs in the mobile app space. These types of fraud not only result in fake clicks and subscriptions, but also compromise consumers’ data. 

What is a spoofed APK? 

A spoofed APK is a version of an app that has been altered in some way, such as by adding malware or by changing the app’s functionality. They can be distributed through a variety of channels, including third-party app stores, social media and email, and are often used to distribute malware or to steal sensitive information from unsuspecting users. 

Spoofed APKs alter and misrepresent the quality of the source of traffic. The APK sends a fake bundled ID, also known as an xHeader request, which is the identifier of the app. These APKs pretend to be premium apps to avoid basic anti-fraud protection or quality control. 

What is a hidden APK? 

A hidden APK is an Android application package file that is not visible to the user or device. They are typically used by malware or other malicious programs to conceal their presence on a device. A hidden APK might be disguised as a legitimate app or it might be bundled with another app. Once installed, it can carry out various malicious activities such as tracking the user’s location and data, sending unauthorised text messages or making phone calls. 

Hidden APKs are similar to spoofed APKs in terms of the information they pass through the ad impression, but they intentionally suppress the APK’s name being sent in the session. This leads to the ad impression assuming the source of the ad is coming from a browser or with browser-like similarities. In the early days of app fraud, the first steps taken to prevent this type of fraud were to block specific APK headers or bundle IDs. However, as fraudsters soon noticed this, they started looking for ways to bypass this fraud prevention tool by hiding the APK’s name.  

How to protect your brand from spoofed and hidden APKs

To combat the problem of spoofed and hidden APKs, marketers should take proactive steps against APK spoofing. Anti-fraud solutions, with the power to identify and block spoofed and hidden APKs, can give you and your customers the protection you require and ensure that ad spending is going towards acquiring the right users. 

Look for solutions that identify in real-time suspicious activities like spoofing by spotting APK anomalies. Solutions like MCP SHIELD quarantine suspicious activities on your payment pages, and then notify you so you can decide what to block. 

Ad fraud is a constantly evolving problem, and marketers need to stay vigilant for new trends like hidden and spoofed APKs. It’s also crucial to understand your media source and the underlying vulnerabilities of the operating systems used by the majority of mobile devices. 

If you would like to discuss how to protect your brand from mobile payment fraud, please get in touch to explore the threat landscape and anti-fraud solutions. 

related posts

Strengthen Your DDRC for the Ofcom Era! 

Discover how the transition from PSA to Ofcom impacts the UK phone-paid services market. Learn about strengthened DDRC requirements and how to prepare for potentially enhanced compliance standards.

Black Friday: Tackling Misleading Advertising

With Black Friday fast approaching, mobile network operators need to stay vigilant against misleading advertising practices that can harm both customers and their DCB business.

Navigating the Global Carrier Billing Landscape

In an increasingly complex carrier billing landscape, payment aggregators face growing challenges in balancing compliance, supporting CSPs, and driving sustainable revenue. In this insightful interview, MCP Insight Director Kev Dawson shares his experience across the DCB value chain and offers practical advice for aggregators.