HUMAN uncovers and disrupts ad fraud scheme affecting 89 apps with over 13 million downloads from Google Play and Apple App Stores

NEW YORK–(COMMERCIAL WIRE)–HUMAN Security, Inc. (formerly White Ops), the global leader in protecting businesses against digital attacks with modern defense, today announced the discovery and disruption of a highly sophisticated fraud operation targeting software development kits (SDK) advertising within 9 applications. on the Apple App Store and 80 Android apps on the Google Play Store, which together have been downloaded more than 13 million times. The attack, dubbed Squillis an adaptation of a fraud scheme first observed and disrupted by HUMAN’s Satori Threat Intelligence and Research team in 2019. While the attack is ongoing and actively monitored by Satori’s team, HUMAN has collaborated with Apple, Google and others to remove the rogue apps from their respective app stores.

“Our number one goal is to protect our customers and the digital ecosystem from cybercriminals like those behind these attacks. The only way we can do this is with modern defense, where we can work together across the industry on disruptions like Scylla,” said HUMAN Co-Founder and CEO Tamer Hassan. “We will continue to watch for other similar attacks and take advantage of collective protection work, where an attack on one is a protection event for all, disrupting the cybercrime economy. That’s the only way we win.”

Scylla is the third wave of an operation first discovered by HUMAN in 2019, in which a collection of over 40 Android apps openly committed multiple types of ad fraud. That scheme, dubbed Poseidon after code elements within the apps were broken due to Satori’s team’s reverse engineering efforts, causing Google to remove the apps from its Play Store. A 2020 adaptation of the scheme, dubbed Charybdis after Daughter of Poseidon, it incorporated additional code obfuscation and SDK targeting techniques.

Today’s announcement of the Scylla outage, named after Poseidon’s granddaughter, reflects a further evolution of the threat actors behind the scheme. While the Poseidon and Charybdis operations were entirely focused on Android apps, Satori’s team found evidence that Scylla is also targeting iOS apps and expanded the attack to other parts of the digital advertising ecosystem.

HUMAN’s Satori team worked closely with the Google Play Store and the Apple App Store to ensure that all apps identified as being associated with the Scylla operation have been removed from public access. HUMAN also worked closely with affected advertising SDK developers to mitigate the impact of the operation on their processes and their advertising partners. Customers of HUMAN’s MediaGuard solution are protected against fraud associated with Scylla and its predecessors.

Applications within the Scylla operation committed fraud through a variety of tactics, including:

  • Application spoofingin which the Scylla applications pretended to be other applications for digital advertising purposes,
  • hidden adsin which apps would display ads in places where a user would not be able to see them, and
  • fake clicksin which applications would keep track of real click on the ads to fake additional clicks later.

These tactics, combined with obfuscation techniques first seen in Operation Charybdis, demonstrate the increased sophistication of the threat actors behind Scylla. This is a in progress attack, and users should check the list of apps in the report and consider removing them from all devices. As this attack has already evolved several times, the Satori team has withheld certain details about the operation in order to better track and report on future adaptations.

HUMAN verifies the humanity of more than 15 billion digital interactions per week, offering businesses a platform with unmatched visibility into fraudulent activity on the Internet. HUMAN achieves this scale through its continued expansion in cybersecurity, including its recent merger with PerimeterX, which now offers a suite of products to protect the entire digital customer journey. Now that new partners and companies can take advantage of the Human Defense Platform comes an even deeper understanding of the cybercrime landscape, allowing HUMAN to continuously adapt and stay ahead of adversaries with modern defense (leveraging the visibility of Internet, network effect, and outages) and safeguard customers with collective protection against threat models they haven’t yet encountered.

Satori’s team used numerous tools to identify Scylla and its operators, information about which has been shared with law enforcement. For more information on Operation Scylla, visit the HUMAN blog.


HUMAN is a cybersecurity company that protects more than 500 clients from digital attacks, including sophisticated bots, fraud and account abuse. We leverage modern defense (Internet visibility, network effect, and outages) to enable our customers to increase ROI and trust while reducing end-user friction, data contamination, and security exposure. cybernetics. Today we verify the humanity of more than 15 billion interactions per week in advertising, marketing, e-commerce, government, education and business security, which puts us in a position to win against cybercriminals. Protect your digital business with HUMAN. To know who is realvisit

Leave a Comment