Forbes: Mobile Ad Fraud: Why Should An Enterprise CIO Care?

August 30, 2017

Most of the CIOs I meet with are concerned about mobile fraud, but they focus their resources on mobile commerce (card-not-present transactions), phishing attacks and/or ransomware.

CIOs and CTOs should not underestimate, however, the cost and manpower drain caused by mobile ad fraud for their corporate users and IT teams.


At face value, it would appear mobile ad fraud is primarily a problem for the advertiser and publisher — or the app itself that’s running the fraudulent ad. Why should a CIO or CTO care? Unfortunately, with advancements in mobile ad fraud, it’s rarely just one fraudulent ad.

Over the last few years, the number of different types of mobile ad fraud integrated into apps via malware has grown (and continues to grow) to include click spamming, click injection, ad stacking and invisible ads. Now, if an app that contains malware is downloaded by someone in a corporate environment, that could enable a hacker to use one of the aforementioned mobile ad fraud tactics to access the corporate network. It’s also highly likely that the initial corporate user who downloaded the app with the malware would encourage friends in the office to also download that app, infecting their devices, which could ultimately compromise the network.

The Far-Reaching Effects Of Fraud

There are many negative repercussions of mobile fraud. First, in order to generate fraudulent ad clicks, these phones need to communicate with the servers hosting the fraudulent activities. Next, these communications shorten a phone’s battery life while increasing the data bandwidth used by the phone. Beyond this, fraudulent ads can also slow down the phone, resulting in a poor user experience.

So far I’ve addressed the more benign side of mobile ad fraud. Unfortunately, it can also be an opening for corporate hackers to gain access to your corporate network. Remember how alleged Russian hackers used fraudulent emails to gain access to the Democratic National Committee’s network? There’s no reason something similar couldn’t happen with a fraudulent mobile ad or app.

A good example of how mobile fraud can impact the enterprise is the ad malware attack from last year named CopyCat. The attack, which infected over 14 million Android devices, was the result of cyberattackers essentially hijacking apps, repackaging them with the malware and allowing them to be downloaded from third-party app stores. CopyCat utilizes an advanced technology to conduct various forms of ad fraud, including getting credit for fraudulently installing apps, displaying bogus ads while hiding their origin (so users can’t understand what’s causing the ads to pop up on their screens) and installing fraudulent apps directly to the infected devices.

With CopyCat, the malware waits until a device is restarted to ensure that a connection between the app installed and the malicious activity isn’t made. After restarting, once CopyCat roots the user’s device, it allows the attackers to gain full control of the device, essentially leaving the user defenseless.

Beyond the revenue CopyCat generates from fraudulent and malicious marketing activities, the risks to the enterprise are far greater:

  • Adware enables the stealing of sensitive information from infected devices, which can then be sold to third parties.
  • The perpetrators of adware campaigns root or jailbreak devices, leaving users vulnerable to other kinds of hacks. In the future, the same perpetrators could spread different, more nefarious types of malware or use them to create denial of service attacks.

Once hackers gain control of one mobile device connected to a corporate network, attackers then have all they need to breach the business’ complete network and gain access to sensitive data. Adware, which roots a device and leaves it vulnerable to any type of attack, is ultimately what these hackers are looking for in order to infiltrate a corporate network.

A Smart Plan Of Attack

Given the broad range of devices, device types and operating systems that today’s CIO must support, and with users increasingly bringing in or buying their own hardware and software, it’s nearly impossible to eliminate mobile ad fraud in the corporate network. The best way to combat mobile ad fraud is via continuous employee education:

  • Corporate users should be careful with the apps they install. They should install popular apps from Google Play or Apple’s App Store that are familiar to corporate system administrators and uninstall the apps they’re no longer using.
  • Corporate users should make sure that the permissions an app asks for aren’t suspicious. A flashlight app, for example, doesn’t need to know your location.
  • If something looks or seems suspicious, consult with your sysadmin.
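
The three checks above can also be run by the sysadmin over a device's app inventory. The following is an added example, not part of the original article: it assumes an Android inventory shaped like an MDM export, and the `App` record, the per-category permission baseline, the 90-day cutoff and the sample apps are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

PLAY_STORE = "com.android.vending"  # installer package name of Google Play
STALE_DAYS = 90                     # assumed cutoff for "no longer using"
P = "android.permission."

# Assumed baseline: permissions each app category plausibly needs.
BASELINE = {
    "flashlight": {P + "CAMERA", P + "FLASHLIGHT"},
    "navigation": {P + "ACCESS_FINE_LOCATION", P + "INTERNET"},
}

@dataclass
class App:
    package: str
    category: str
    installer: Optional[str]   # None when the installer is not recorded
    permissions: set
    days_since_use: int

def audit(app):
    """Return the findings for one app, one string per failed check."""
    findings = []
    if app.installer != PLAY_STORE:
        findings.append(f"not installed from Google Play (installer={app.installer})")
    if app.category not in BASELINE:
        findings.append("no permission baseline for category; review manually")
    else:
        for perm in sorted(app.permissions - BASELINE[app.category]):
            findings.append(f"unexpected permission: {perm}")
    if app.days_since_use > STALE_DAYS:
        findings.append(f"unused for {app.days_since_use} days; uninstall")
    return findings

# Constructed inventory, shaped like an MDM export (not real apps).
INVENTORY = [
    App("com.example.torch", "flashlight", PLAY_STORE,
        {P + "CAMERA", P + "ACCESS_FINE_LOCATION"}, 3),
    App("com.example.maps", "navigation", PLAY_STORE,
        {P + "ACCESS_FINE_LOCATION", P + "INTERNET"}, 1),
    App("com.example.torchpro", "flashlight", None,
        {P + "CAMERA", P + "READ_CONTACTS"}, 200),
]

def report(inventory=INVENTORY):
    """Map package name -> findings, omitting apps that pass every check."""
    results = {app.package: audit(app) for app in inventory}
    return {pkg: f for pkg, f in results.items() if f}

if __name__ == "__main__":
    for pkg, findings in report().items():
        print(pkg, *findings, sep="\n  - ")
```

The flashlight app that requests location is flagged even though it came from Google Play, which is the case the permissions bullet describes.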

While cyberattackers make it their mission to supersede the latest technologies and anti-fraud measures, savvy CIOs can set their organizations up for safety and success with thoughtful and cautious preventive measures.

– Ofer Garnett
