Malicious mobile apps: Spoofed and hidden APKs

As companies continue to pour millions of dollars into digital advertising, ad fraud remains a significant issue for marketing departments. One of the trends in ad fraud is the emergence of hidden and spoofed APKs in the mobile app space. These types of fraud not only result in fake clicks and subscriptions, but also compromise consumers’ data. 

What is a spoofed APK? 

A spoofed APK is a version of an app that has been altered in some way, such as by adding malware or by changing the app’s functionality. They can be distributed through a variety of channels, including third-party app stores, social media and email, and are often used to distribute malware or to steal sensitive information from unsuspecting users. 

Spoofed APKs alter and misrepresent the quality of the source of traffic. The APK sends a fake bundled ID, also known as an xHeader request, which is the identifier of the app. These APKs pretend to be premium apps to avoid basic anti-fraud protection or quality control. 

What is a hidden APK? 

A hidden APK is an Android application package file that is not visible to the user or device. They are typically used by malware or other malicious programs to conceal their presence on a device. A hidden APK might be disguised as a legitimate app or it might be bundled with another app. Once installed, it can carry out various malicious activities such as tracking the user’s location and data, sending unauthorised text messages or making phone calls. 

Hidden APKs are similar to spoofed APKs in terms of the information they pass through the ad impression, but they intentionally suppress the APK’s name being sent in the session. This leads to the ad impression assuming the source of the ad is coming from a browser or with browser-like similarities. In the early days of app fraud, the first steps taken to prevent this type of fraud were to block specific APK headers or bundle IDs. However, as fraudsters soon noticed this, they started looking for ways to bypass this fraud prevention tool by hiding the APK’s name.  

How to protect your brand from spoofed and hidden APKs

To combat the problem of spoofed and hidden APKs, marketers should take proactive steps against APK spoofing. Anti-fraud solutions, with the power to identify and block spoofed and hidden APKs, can give you and your customers the protection you require and ensure that ad spending is going towards acquiring the right users. 

Look for solutions that identify in real-time suspicious activities like spoofing by spotting APK anomalies. Solutions like MCP SHIELD quarantine suspicious activities on your payment pages, and then notify you so you can decide what to block. 

Ad fraud is a constantly evolving problem, and marketers need to stay vigilant for new trends like hidden and spoofed APKs. It’s also crucial to understand your media source and the underlying vulnerabilities of the operating systems used by the majority of mobile devices. 

If you would like to discuss how to protect your brand from mobile payment fraud, please get in touch to explore the threat landscape and anti-fraud solutions. 

related posts

Building a Secure and Trustworthy Mobile Payments Ecosystem

Following a recent MEF webinar discussing fraud in the mVAS/DCB space, here we share why collaboration is the key to protecting customers and the value chain.

Telecoms World Middle East 2024

Book a meeting with MCP Insight at 8.1 LIVE to explore how we can protect your mVAS/DCB business and grow revenue.

Cookie Consent Pop-ups on mVAS Advertising Flows

Cookie consent pop-ups are appearing on mVAS advertising flows after several EU data protection supervisory authorities issues new guidance. Here we explore how to minimise any negative impact and ensure compliance.