RAINBOWMIX

Posted: October 19, 2020

RAINBOWMIX is the name cybersecurity researchers have given to a new Android advertising-fraud campaign, which is believed to have been carried out with the help of over 240 fake Android applications. The bogus applications were often disguised as emulators for popular games from the past. Cybersecurity experts estimate that the fake applications might have been installed over 14 million times, making the RAINBOWMIX campaign one of the largest advertising-fraud operations to affect mobile users. The most worrying fact is that the RAINBOWMIX applications managed to bypass the Google Play Store's security mechanisms yet again, which allowed them to pose as trustworthy and verified software.

Thankfully, Google was quick to react to the issue once it was reported, and the fake applications were recently taken down from the Play Store. However, it is impossible to prevent copies of the RAINBOWMIX applications that are already installed from continuing to operate.

Fake Game Emulators Spread the RAINBOWMIX Applications Used for Advertising-Fraud

The applications used in the RAINBOWMIX campaign managed to stay under the radar for a long time because they did provide their users with the functionality they were looking for. For example, the 'game emulators' successfully ran games for old consoles. However, the bogus applications also performed other actions in the background: they displayed out-of-context advertisements disguised to look as if they were part of YouTube, Facebook, Google or another reliable platform.

The RAINBOWMIX applications had some interesting functionality that allowed the operators to increase the number of advertisements displayed. The software automatically detected whether the user's screen was on or off. Naturally, whenever the screen was on, the advertising-fraud campaign picked up the pace and contacted the control server for as many advertisements as possible. The RAINBOWMIX campaign affected Brazilian users the most, as they accounted for over 20% of the traffic generated during the operation. In the meantime, US Android users generated 7.7% of the advertising-fraud traffic.

Android users need to remember that applications from the Google Play Store may not always be credible, and they should rely on external security solutions to keep them protected. While the RAINBOWMIX applications were not harmful, they could definitely pose a major nuisance due to their weird behavior. Installing a reputable Android anti-malware application is more than enough to mitigate intrusive software once and for all.