Research carried out by the security company White Ops has demonstrated the fraudulent intent of many of the RAINBOWMIX applications, most of which were retro video game emulators.
According to the research, there were more than 240 offending applications, all for Android and all available in the official Google Play Store. The scam relied on out-of-context (OOC) advertisements.
Between rounds of an old Nintendo Entertainment System game, the application displayed advertisements that appeared to come from reputable sources, such as Chrome or YouTube. In truth, these ads hid scams.
Toto, we're not on Nintendo anymore. The White Ops Satori Threat Intel & Research team announced today their investigation into a set of fraudulent apps they dubbed RAINBOWMIX. The apps purported to be NES emulators. Check out their research: https://t.co/gw8jRVVv8B #adfraud pic.twitter.com/Zu0xcgJdyj
- White Ops (@WhiteOps) October 8, 2020
All RAINBOWMIX applications have been removed from the Play Store, but if you have already downloaded them, you will still need to remove them from your devices. Here you can find a complete list of all the offending apps.
What made these applications, and the whole fraudulent operation, curious is that they actually worked. They were mostly simple emulators, but their functionality allowed them to land on the Play Store and attract over 14 million downloads in total.
The fraudulent advertisements were hidden through a very simple method that made use of packers. This software placed code that is not allowed in the Play Store inside SDKs considered legitimate, so neither Google nor most antivirus products for Android were able to identify it.
At the peak of the fraud last May, these apps were showing over 15 million advertisements per day. White Ops pointed out that the SDKs involved in the scam are not currently under investigation.
White Ops further explains that this type of scam affects not only the customers who download the apps. All those who sell and buy advertising within applications can be considered injured parties. Because of these scams, trust in these channels drops drastically, fueling prejudice and mistrust.