DrainerBot spreads thanks to apparently legitimate Android apps and high-sounding names

DrainerBot, the malware that consumes phone data traffic

A group of computer security researchers has discovered several counterfeit apps on the Play Store that consume data traffic by playing advertisements.

By now, the imagination of hackers has accustomed us to practically everything. Over time we have seen malware designed to steal data; malware that turns PCs and smartphones into “zombies” to be controlled remotely; and malware that exploits the resources of the infected device to mine cryptocurrencies of all kinds, from Monero to Bitcoin.

Viruses created to consume the data traffic of the affected users’ phone plans, however, had not yet been heard of. And, most likely, nobody missed them. The fact is that Oracle security researchers have found malicious code hidden in Android apps whose main purpose seems to be exactly that: consuming the gigabytes of data traffic in our rate plan by running videos in the background, without the user noticing. Behind this anomalous behavior, however, hides a scam perpetrated by a group of hackers against advertising networks.

How DrainerBot works

The malware, as mentioned, spreads thanks to apparently legitimate Android apps with high-sounding names. So far, DrainerBot has been identified in the apps “Perfect365”, “VertexClub”, “Draw Clash of Clans”, “Touch ‘n’ Beat – Cinema” and “Solitaire: 4 Seasons (Full)”. As soon as the infected applications were downloaded and installed, DrainerBot went into operation, playing videos in the background and thus quickly consuming all of the data plan's traffic.

But what is the real purpose of DrainerBot? As mentioned at the start, data consumption is only the most “obvious” behavior of the malware. In reality, the compromised apps play advertising videos, which allow the hackers to profit by cheating advertising networks. The ads were never actually seen by users; they were played without anyone noticing, not even the managers of the scammed advertising networks.

According to Oracle analysts, infected apps can consume up to 10 gigabytes of data every month and therefore represent a risk for affected users. If your tariff plan has a lower threshold, you run the risk of seeing your remaining credit fall rapidly or, even worse, of receiving particularly high bills.