One of the CBA’s methods tried to defraud the Facebook Audience Network. After we, the Zimperium malware team, identified the CBA, we knowledgeable the Traffic Quality and Fraud team at Facebook about the malicious apps. We offered the application’s details, the SDK’s account ids and auto clicks we were able to reproduce so Facebook could decide how to react. They at once removed the apps from the Audience Network and knowledgeable us that our research enabled them in finding a set of apps that were using this same attack vector. Our analysis helped verify the apps were indeed malicious and remove the options the clicks were from bots and never real users.
