A sneaky piece of advertising software may be responsible for driving up millions of Android users' mobile data usage and wasting their device's battery life, according to researchers at the technology company Oracle.
The code, which Oracle said Wednesday is at the heart of a massive ad fraud operation that it's calling "DrainerBot," works by quietly downloading gigabytes of video ads to a consumer's smartphone and then displaying them - invisibly - to users of apps that have been infected by the bot.
The software affects hundreds of Android apps that have been downloaded collectively more than 10 million times, the researchers said.
Because the invisible advertisements rely on the phone's mobile data connection and processing power, the bot can lead to more than 10 GB of extra data usage per month, Oracle said, exposing some cellphone users to possible data overage fees.
Consumers aren't the only ones potentially harmed by the bot, said Eric Roza, senior vice president at Oracle. The bot wastes marketers' money by selling ads that nobody sees, and it tarnishes the app developers who were likely unaware of its existence, he said.
"This is a crime with three layers of victims," he said in an interview. "I hadn't seen anything like this before."
Oracle's researchers first stumbled across DrainerBot last summer, when network analysts flagged a suspicious spike in data traffic from some Android devices. Soon the company traced the bot's code to a Dutch firm that specializes in combating app piracy.
The Dutch company, Tapcore, released a statement Wednesday saying it had no involvement in the scheme. Tapcore's main business aims to help app developers get paid, through advertising, when software pirates use their apps illegally.
"Tapcore strongly denies any intentional involvement in this supposed ad fraud scheme and are extremely surprised by the Oracle findings. We've already launched a full scale internal investigation to get to the bottom of it and will be providing updates as they become available."
Tapcore's software is ordinarily integrated into other apps before they're published, and only serves ads to users who acquired the apps illegitimately, according to its website. Downloading an app with Tapcore's code in it from the Google Play Store, for example, is not supposed to trigger the advertising. Tapcore's offer to advertisers does not appear to mention the ad bot.
In a statement Wednesday, Google said it has blacklisted all of the infected apps identified by Oracle and is investigating the two remaining apps cited by Oracle that were still active on the Google Play Store. The other apps on Oracle's list either never appeared on Google's app store, or were removed previously for other reasons.
"Google Play developer policies prohibit deceptive and malicious behavior on our platform. If an app violates our policies, we take action," Google said.
There is little reason to expect that app developers or app store operators would have detected DrainerBot during the normal development process, Oracle said.
After lying dormant for a period of time within an infected app, the infected software kit distributed by Tapcore was programmed to reach out to a server and download additional code that ultimately activated DrainerBot. Oracle said the intentional delay likely made it harder to detect the plot. Oracle said it was notifying the public of the ad fraud operation to protect the value of legitimate advertising.
Ad industry groups are expected to brief marketers on DrainerBot later this week.
"We are delighted to work with Oracle to educate and inform TAG's membership about this emerging threat," said Mike Zaneis, chief executive of the Trustworthy Accountability Group, which is led by companies such as Disney, Google and Facebook.