Security Researchers Discover Ten Adware Apps on the App Store

BY Dave Johnson

Published 28 Sep 2022

Adware app

A security research team has recently discovered ten adware apps on the App Store that were engaging in ad fraud. 

Adware is unwanted software that generates revenue for developers by throwing advertisements up on your screen. Thanks to Apple’s review process, very few adware make it to the App Store. However, some apps still manage to slip through. 

The HUMAN’s Satori Threat Intelligence team recently reported finding ten adware on the App Store and more than 75 on Google Play, totaling 13 million installs. 

According to Bleeping Computer, the apps are part of an ad fraud campaign that the security team calls “Scylla.” As the publication pointed out, the adware is the third wave of a fraud operation that was first uncovered in August 2019. 

The Satori team informed Apple about their findings. So the apps have already been removed from the App Store. However, you may want to delete the following apps from your phone if you have them installed: 

  • Loot the Castle – com.loot.rcastle.fight.battle (id1602634568)
  • Racing Legend 3D – com.racing.legend.like (id1589579456)
  • Wood Sculptor – com.wood.sculptor.cutter (id1603211466) 
  • Ninja Critical Hit – wger.ninjacriticalhit.ios (id1514055403)
  • Shinning Gun – com.shinning.gun.ios (id1588037078)
  • Tony Runs – com.TonyRuns.game
  • Rope Runner – com.rope.runner.family (id1614987707)
  • Fire-Wall – com.fire.wall.poptit (id1540542924)
  • Run Bridge – com.run.bridge.race (id1584737005) 

Here’s how it works. 

About the Adware Apps

Besides throwing ads at users, the Scylla apps also impersonate legitimate apps and impressions to generate revenues. That’s because the fraudulent apps use a bundle ID that doesn’t match their publication name. 

With that, advertisers are deceived into thinking the ad clicks and impressions come from a more profitable software category. Indeed, 29 Scylla apps imitated roughly 6,000 CTV-based apps, continually changing the IDs to evade fraud detection. 

Ultimately, the researchers recommended ways to identify apps that use ads fraudulently. Two ways include monitoring your smartphone for rapid battery drainage and checking for increased internet data usage. 

It’s also best to avoid installing apps from suspicious developers.