Redwood City, CA—Feb 20, 2019
Oracle today announced the discovery of and mitigation steps for “DrainerBot,” a major mobile ad fraud operation distributed through millions of downloads of infected consumer apps. Infected apps can consume more than 10GB of data per month downloading hidden and unseen video ads, potentially costing each device owner a hundred dollars per year or more in data overage charges.
DrainerBot was uncovered through the joint efforts of Oracle technology teams from its Moat and Dyn acquisitions. Now part of the Oracle Data Cloud, Moat offers viewability, invalid traffic (IVT), and brand safety solutions, while Dyn enables DNS and security capabilities as part of Oracle Cloud Infrastructure.
The DrainerBot code appears to have been distributed via an infected SDK integrated into hundreds of popular consumer Android apps and games like "Perfect365," "VertexClub," “Draw Clash of Clans,” “Touch ‘n’ Beat – Cinema,” and “Solitaire: 4 Seasons (Full).” Apps with active DrainerBot infections appear to have been downloaded by consumers more than 10 million times, according to public download counts.
“Mobile app fraud is a fast-growing threat that touches every stakeholder in the supply chain, from advertisers and their agencies to app developers, ad networks, publishers, and, increasingly, consumers themselves,” said Mike Zaneis, CEO of the Trustworthy Accountability Group (TAG). “These types of fraud operations cross all four of TAG’s programmatic pillars, including fraud, piracy, malware, and transparency, and preventing such operations will require unprecedented cross-industry collaboration. As the ad industry’s leading information-sharing body, we are delighted to work with Oracle to educate and inform TAG’s membership about this emerging threat.”
“DrainerBot is one of the first major ad fraud operations to cause clear and direct financial harm to consumers,” said Eric Roza, SVP and GM of Oracle Data Cloud. “DrainerBot-infected apps can cost users hundreds of dollars in unnecessary data charges while wasting their batteries and slowing their devices. We look forward to working with companies across the digital advertising ecosystem to identify, expose, and prevent this and other emerging types of ad fraud.”
“Mobile devices are a prime target with a number of potential infection vectors, which are growing increasingly complicated, interconnected, and global in nature,” said Kyle York, VP of product strategy, Oracle Cloud Infrastructure. “The discovery of the DrainerBot operation highlights the benefit of taking a multi-pronged approach to identifying digital ad fraud by combining multiple cloud technologies. Bottom line is both individuals and organizations need to pay close attention to what applications are running on their devices and who wrote them."
Detailed information and mitigation resources for DrainerBot can be found at info.moat.com/drainerbot, including:
Oracle Data Cloud’s Moat Analytics helps top advertisers and publishers measure and drive attention across trillions of ad impressions and content views, so they can avoid invalid traffic (IVT), improve viewability, and better protect their media spend. Among those solutions, Pre-Bid by Moat helps marketers identify and utilize ad inventory that meets their high standards for IVT, third-party viewability, and brand safety.
Oracle Cloud Infrastructure edge services (formerly Dyn) offer managed Web Application Security, DNS, and Internet Intelligence services that help companies build and operate a secure, intelligent cloud edge, protecting them from a complex and evolving cyberthreat landscape.
 All of the apps identified have recently generated fraudulent DrainerBot impressions identified by Moat Analytics.
Oracle Data Cloud helps marketers use data to capture consumer attention and drive results. Used by 199 of the 200 largest advertisers, our Audience, Context and Measurement solutions extend across the top media platforms and a global footprint of more than 100 countries. We give marketers the data and tools needed for every stage of the marketing journey, from audience planning to pre-bid brand safety, contextual relevance, viewability confirmation, fraud protection, and ROI measurement. Oracle Data Cloud combines the leading technologies and talent from Oracle’s acquisitions of AddThis, BlueKai, Crosswise, Datalogix, Grapeshot, and Moat.
Oracle Cloud Infrastructure is an enterprise Infrastructure as a Service (IaaS) platform. Companies of all sizes rely on Oracle Cloud to run enterprise and cloud native applications with mission-critical performance and core-to-edge security. By running both traditional and new workloads on a comprehensive cloud that includes compute, storage, networking, database, and containers, Oracle Cloud Infrastructure can dramatically increase operational efficiency and lower total cost of ownership. For more information, visit https://cloud.oracle.com/iaas.
The Oracle Cloud offers a complete suite of integrated applications for Sales, Service, Marketing, Human Resources, Finance, Supply Chain and Manufacturing, plus Highly-Automated and Secure Generation 2 Infrastructure featuring the Oracle Autonomous Database. For more information about Oracle (NYSE: ORCL), please visit us at www.oracle.com.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.