White Ops is a bot prevention and fraud protection cybersecurity company that recently identified a large number of malicious Android apps. White Ops offers its cybersecurity services to businesses and websites to ensure that all their traffic is human. It does this with a multilayered defense that gathers, on average, two thousand five hundred signals per interaction, and it takes only one failed test for a threat to be flagged and blocked. The company specializes in threat hunting, malware reverse engineering, and threat modeling in order to analyze and recognize new threats.
Their checks revealed that two hundred and forty Android apps were hail-storming users with irrelevant, out-of-context ads while simultaneously monitoring their phone usage, deceptive behavior that is not typical of innocent apps. These observations were made by White Ops’ Satori Threat Intelligence and Research Team.
The Satori team named the malicious ads RAINBOWMIX, paying homage to the colorful retro games from years ago that these apps imitate in order to get downloaded. The RAINBOWMIX apps use out-of-context ads, or ads that seem to come from famous, trusted, and reliable sources like YouTube while actually originating from unreliable and malicious developers. These apps are able to fly under Google’s radar by using something called ‘packers’. This software packs the malicious code, obscuring the harmful code and reducing its size. Once the app has been downloaded and the user grants the permissions it asks for, it ‘unpacks’ the actual code and spams the user with ads.
RAINBOWMIX apps at first seem legitimate and work as they are supposed to, acting as low-end Nintendo emulators ripped from legitimate sources or appearing as low-quality games. The ads themselves, as mentioned before, also appear to be safe and from trusted companies. This allows the fraudsters to bypass Google’s bot detection systems and garner millions of downloads. Satori stated that these fraudulent ads led to over fourteen million downloads and, at the peak, fifteen million ad impressions each day. This is a prime example of how people are working tirelessly to develop new ways to bypass online security features and scam users into downloading low-quality and undesirable apps and games. The fraudsters also monitored when users turned their screens on or off so that they could time the ads better: whenever the screen was on, the user would receive the maximum number of ads. This is surprising and frightening to learn, and the thought that it could be happening to us or to someone among our family or friends is very concerning; we must take the strictest action against it, as quickly and effectively as possible!
Here's the list of all the bad apps and their package names. If you have any of them installed on your device, remove them ASAP.