Man
Professional
- Messages
- 3,077
- Reaction score
- 614
- Points
- 113
Similar to click farms, bots and emulators operate on the basis of imitation software, run directly on computers and allow clicking ads and installing mobile applications. Since the devices themselves do not actually exist, this is the easiest and most convenient method for click fraud for attackers.
The number of online transactions and mobile traffic has increased since the COVID-19 pandemic, when many people had to go into prolonged self-isolation. And with it, the risk of mobile fraud has also increased. Fraudsters are using various devices to automate fraud, including smartphone emulators.
90% of fraudulent invalid traffic comes from devices running Android OS. As a rule, the most outdated, but still functioning versions are used. Attacks can also come from hacked smartphones on iOS, which threaten online stores.
In this article, we will look at what it is and how scammers use it for click fraud attacks on sites with advertising.
Contents
1. What are emulators
2. About using emulators
2.1 Developers as help
2.2. Scammers for Malicious Attacks
3. 90% of mobile fraud comes from Android devices
4. How to combat attacks from malicious emulators and stop mobile fraud
Example:
SMM specialists use Windows emulators to work with business accounts on Instagram (belongs to Meta, an organization banned in the Russian Federation). This allows you not to use your phone with constant account changes. It is enough to enter login data and work on the social network directly on your PC. One such program is, for example, Gramblr.
Why do they do this? An application is usually developed for many variants and versions of devices and operating systems at once. Of course, it will be impossible to test the application on all such physical devices. That is why emulators become a convenient testing tool, as they imitate such devices.
Why do attackers use emulators:
Cybersecurity experts conducted a study and processed more than 76 billion mobile events from 1.3 million users using more than 2.1 million types of devices. They found that mobile apps accounted for 75% of traffic, of which 26% were fraudulent. Web traffic on PCs, however, led the pack, with 34% of invalid clicks.
The flexible capabilities of emulators allow fraudsters to bypass security systems by simulating and counterfeiting sensor sensors. The ease of use of such programs allows fraudsters to easily deceive advertisers.
It is also easier for attackers to use emulators for click fraud because they are easier to launch and work with on a computer – from a large monitor.
When a device impersonating a phone is blocked by a social network, advertising platform, or anti-click fraud service, the fraudster deletes it and generates a new one. This is why security services cannot distinguish automated fraudulent attacks from the behavior of real users based on unique device identifiers alone.
Example:
In 2020, scammers used hundreds of emulators to launch console games. Malicious mobile apps disguised themselves as Nintendo console (NES) game emulators, which allowed the console to be launched directly on smartphones so that users could play retro games.
As soon as they installed the apps on their devices, they were immediately shown an ad on the screen of the infected device stating that the ad was presented by another app. The ads were also disguised by the attackers as popular advertising platforms. The malicious apps were installed more than 14 million times with 15 million ad impressions per day (ads were also shown every 10 minutes).
The developers of fraudulent applications, in fact, did not create console emulators, but simply copied someone else's code of ready-made software. That is why some of the applications either worked with many errors or did not work at all. Real user reviews of fraudulent applications in the Play Market with negative ratings (1 star) and purchased (5 stars) - there were simply no others - allowed us to draw the attention of the support service. After verification, the applications were removed from the Google store.
To bypass the security protocol, the scammers used “packers” — software that is used to save space and hide the final payload. Typically, they are used to protect intellectual property or to inject malicious code that allows them to bypass antivirus programs.
In addition, there are many more applications created for Android than for iOS. They require multi-level access, which allows cybercriminals to find vulnerabilities and commit fraudulent actions.
Similarly, attackers can easily hack applications installed on outdated versions of the Android OS, as they are more vulnerable due to the lack of modern built-in protection methods and system security controls.
What methods can be used to combat click fraud on smartphones:
This approach allows us to detect up to 30-50% of fraudulent traffic, improve and expand models for machine learning of click fraud protection systems, reduce the number of errors in identifying bots, and show ads only to real users without losing advertising budgets to fraudsters.
This is why advertisers and marketers turn to specialized bot blocking services like Botfaqtor as a preventative measure. There are many layers between data sources and applications where a cybercriminal can manipulate data, so collecting characteristic patterns allows you to detect malicious activity and reject suspicious traffic.
The number of online transactions and mobile traffic has increased since the COVID-19 pandemic, when many people had to go into prolonged self-isolation. And with it, the risk of mobile fraud has also increased. Fraudsters are using various devices to automate fraud, including smartphone emulators.
90% of fraudulent invalid traffic comes from devices running Android OS. As a rule, the most outdated, but still functioning versions are used. Attacks can also come from hacked smartphones on iOS, which threaten online stores.
In this article, we will look at what it is and how scammers use it for click fraud attacks on sites with advertising.
Contents
1. What are emulators
2. About using emulators
2.1 Developers as help
2.2. Scammers for Malicious Attacks
3. 90% of mobile fraud comes from Android devices
4. How to combat attacks from malicious emulators and stop mobile fraud
What are emulators
An emulator (from the English emulator) is special software that is installed on a computer and allows you to simulate, for example, mobile devices, third-party software packages, etc.Example:
SMM specialists use Windows emulators to work with business accounts on Instagram (belongs to Meta, an organization banned in the Russian Federation). This allows you not to use your phone with constant account changes. It is enough to enter login data and work on the social network directly on your PC. One such program is, for example, Gramblr.
About using emulators
They are used both for good and for harm. Read below to find out who installs emulators and why.Developers as a help
Mobile app developers use them to test functionality on various devices and across the versions covered by the app. This allows them to find and fix errors that users may encounter in the future, as well as improve UX indicators. The testing is carried out not only on smartphones, but also on tablets with PCs.Why do they do this? An application is usually developed for many variants and versions of devices and operating systems at once. Of course, it will be impossible to test the application on all such physical devices. That is why emulators become a convenient testing tool, as they imitate such devices.
Scammers for Malicious Attacks
However, emulators are not always used for good. Fraudsters use them to carry out attacks on mobile devices. In this case, they are used to generate pseudo-installations of applications on smartphones, fictitious interaction with them, clicking on ads, that is, to squander advertisers' budgets for their own benefit.Why do attackers use emulators:
- Launch scripted credential stuffing attacks, in which automated software attempts to repeatedly log into an account using a brute-force attack.
- They create fake accounts on social networks to send spam.
- Simply send spam emails. Attacks can come from various domains and mail services, such as gmail.com or hotmail.com, to avoid triggering security filters.
- Simulate the behavior of real users: clicks, photo views, likes.
- They use stolen users to hack and “hijack” accounts.
- Scale emulators to carry out multiple attacks simultaneously.
Cybersecurity experts conducted a study and processed more than 76 billion mobile events from 1.3 million users using more than 2.1 million types of devices. They found that mobile apps accounted for 75% of traffic, of which 26% were fraudulent. Web traffic on PCs, however, led the pack, with 34% of invalid clicks.
The flexible capabilities of emulators allow fraudsters to bypass security systems by simulating and counterfeiting sensor sensors. The ease of use of such programs allows fraudsters to easily deceive advertisers.
It is also easier for attackers to use emulators for click fraud because they are easier to launch and work with on a computer – from a large monitor.
When a device impersonating a phone is blocked by a social network, advertising platform, or anti-click fraud service, the fraudster deletes it and generates a new one. This is why security services cannot distinguish automated fraudulent attacks from the behavior of real users based on unique device identifiers alone.
Example:
In 2020, scammers used hundreds of emulators to launch console games. Malicious mobile apps disguised themselves as Nintendo console (NES) game emulators, which allowed the console to be launched directly on smartphones so that users could play retro games.
As soon as they installed the apps on their devices, they were immediately shown an ad on the screen of the infected device stating that the ad was presented by another app. The ads were also disguised by the attackers as popular advertising platforms. The malicious apps were installed more than 14 million times with 15 million ad impressions per day (ads were also shown every 10 minutes).
The developers of fraudulent applications, in fact, did not create console emulators, but simply copied someone else's code of ready-made software. That is why some of the applications either worked with many errors or did not work at all. Real user reviews of fraudulent applications in the Play Market with negative ratings (1 star) and purchased (5 stars) - there were simply no others - allowed us to draw the attention of the support service. After verification, the applications were removed from the Google store.
To bypass the security protocol, the scammers used “packers” — software that is used to save space and hide the final payload. Typically, they are used to protect intellectual property or to inject malicious code that allows them to bypass antivirus programs.
90% of mobile fraud comes from Android devices
A report by DataVisor shows that 90% of mobile fraud comes from smartphones running the Android OS. The reason for this choice is that Android is an open-source platform, so attackers have low-level access to the system. Consequently, they can add new system features and make changes that other closed systems do not allow.In addition, there are many more applications created for Android than for iOS. They require multi-level access, which allows cybercriminals to find vulnerabilities and commit fraudulent actions.
Similarly, attackers can easily hack applications installed on outdated versions of the Android OS, as they are more vulnerable due to the lack of modern built-in protection methods and system security controls.
How to Fight Malicious Emulator Attacks and Stop Mobile Fraud
Mobile ad fraud has increased by 44% in the last year. Companies are constantly fighting automated malware attacks. And they still spend more time protecting ads on PCs than on smartphones. For the latter, they need modern methods for blocking bots and attacks using emulators that are aimed exclusively at clicking on mobile ads.What methods can be used to combat click fraud on smartphones:
- Real-time collection of hundreds of data points and behavior patterns and other characteristics of malicious bots on mobile emulators.
- Advanced detection of Android phone emulators.
- Determination and accounting of unique device identifiers, assessment and calculation of risks of interaction with specified versions of smartphones, etc.
This approach allows us to detect up to 30-50% of fraudulent traffic, improve and expand models for machine learning of click fraud protection systems, reduce the number of errors in identifying bots, and show ads only to real users without losing advertising budgets to fraudsters.
This is why advertisers and marketers turn to specialized bot blocking services like Botfaqtor as a preventative measure. There are many layers between data sources and applications where a cybercriminal can manipulate data, so collecting characteristic patterns allows you to detect malicious activity and reject suspicious traffic.
