Security researchers have discovered almost 100 malicious apps on both the Google Play Store and Apple’s App Store. The apps, which have been downloaded 13 million times, contain adware and are known to be involved in the Scylla ad-fraud campaign. This ad-fraud scheme aims to make money by displaying unwanted visible and hidden advertisements on mobile devices. The ads are triggered when the user clicks on ads or specific locations — and even by simply unlocking their phone screen.

What is Scylla Adware?

Scylla is the latest generation of the advertisement fraud known as Poseidon, which had  previously been succeeded by Charybdis. Scylla masquerades as legitimate apps and can launch intrusive ads in the background of mobile devices. Scylla collects ad click data even when the phone is inactive, so that user is unaware of anything suspicious. Furthermore, its software code can also be used to propagate malware on the user’s device, such as ransomware.

The malicious apps listed below have been removed from the Google Play Store and the App Store. If you previously installed them on your device, make sure to uninstall them.

Delete These Malicious Apps!

iOS

• Loot the Castle
• Run Bridge
• Shinning Gun
• Racing Legend 3D
• Rope Runner
• Wood Sculptor
• Fire-Wall
• Ninja Critical Hit
• Tony Runs

Android

What Happens If Your Device Is Infected with Scylla and Charybdis?

Ad-fraud apps can do the following on your device:

• Display large numbers of unwanted advertisements and notifications
• Drain phone battery
• Increase internet or mobile data usage
• Attackers make a profit from hidden ads that the malicious app counts as “viewed” because it reports to advertising platforms that it has shown an ad to the user — even if the user never did
• Collect actual clicks or taps on a mobile device from users and relay that information to advertisers as fake ad clicks to earn money
• Drop malware and install malicious app extensions and ransomware

Tips to Protect Yourself from This Ad-Fraud

Here are the best practices to prevent your devices from being compromised by this malware:

• Always make sure that your mobile device operating system is up to date.
• Be cautious in installing applications. Install only from official stores, verify the publisher’s legitimacy, and read app reviews.
• Be skeptical when it comes to device permissions being required by an app.
• Use strong passwords or install password manager apps to protect account credentials.
• Install antivirus software on mobile devices such as Trend Micro Mobile Security.

How Can Trend Micro Protect You?

Trend Micro Mobile Security offers complete protection against malware hidden in apps. Its real-time Security Scan feature provides the most comprehensive anti-malware capabilities available. It also offers a Pre-Installation Scan feature that prevents malicious apps and malware on Google Play before you can install them.

You can install Trend Micro Security for Android by following the instructions here.