Beware of Malware Scams That Could Steal Your Data through Giveaways or Likes

White Ops’ Satori Threat Intelligence & Research team came across the ad fraud malware operation and named it TERRACOTTA, which began in the late 2019s. This operation led to more than 65,000 oblivious participating devices, pasquinade 5,550 Android apps, and produced 2.4 billion bidding requests.



Malware scammer’s objective when it comes to online social media is to get people to “register or follow or like” to win or attain some goodies through giveaways or gain an offer, and then try to steal away the personal information. Editing the post after accumulating enough likes and shares makes it very easy to add something spiteful, such as a link to a website that downloads malware.

People witnessed a similar case when the users were going through the Google Play Store. They were convinced to download an app and enter all their details (For Example, Name, Address, Shoe Size, etc.) unaware of malware installed in their systems. They were requested to pick up a pair of shoes and assured them to mail them to their doorstep free of cost within two weeks. In this scenario, there was no hidden fee, charge, or any dubious request.

The central team who promised these kinds of giveaways initiated this malware through falsified apps. The whole concept of malware revolves around advanced features, principally around detection evasion.

People in the initial stage gave five stars and outstanding reviews for such apps on Google Play Store. Later, when they learned about the malware being downloaded, they got disheartened as they got cheated and did not get the promised freebies. They even expressed their disappointment in reviews after suspecting such spiteful activity.

Due to these fraudulent malware related acts, Google withdrew all such fake apps from Play Store, after which the fraudsters could only depend on unofficial APKs as well as existing installations for malware to get downloaded.

To save yourself from such fraudulent ventures, you should consistently use your best judgment. For example, if a post says you can win something just by sharing the post, it is, in all likelihood, not true. If a post twitches at your inmost heart and isn’t about someone, you recognize personally, be sure about the facts of its content and know that it’s malware. Never click ‘like’ on every post in your feed. Scammers always count on gaining as many likes as possible. It would help if you were convinced not to like such posts that you do not find to be licit to avoid malware getting into your system. This helps in breaking off scammers to spread their cons.

Moreover, you need to be uncommonly attentive when distributing personal details. Until you know or trust a person or company, never share your personal information such as name, contact details, address, etc. Make sure you always reform your web browser to avoid getting victimized by malware scammers by unintentionally clicking on their posts.