Cybersecurity firm Human has discovered and disrupted a mobile ad fraud campaign involving 89 mobile applications with a total download count of 13 million. The third iteration of Poseidon, a fraud scheme that was first discovered in 2019, is dubbed Scylla.
The second iteration of the campaign, Charybdis, was seen in 2020. Human has discovered 80 Android and 9 iOS applications that participated in ad fraud through app spoofing, hidden ads, and fake clicks as part of the new, still-active attack.
According to Human, the applications contained targeted advertising software development kits (SDKs) and obfuscated code resembling Charybdis. Code was included in some Scylla apps to impersonate other, entirely different applications in front of advertisers and ad tech firms.