Click Fraud Example: “Tekya” Imitated Users

Click Fraud Example: "Tekya" Imitated User’s Clicks

The Covid-19 pandemic has changed almost every aspect of our lives, from work to socializing, shopping, and exercising. With the overarching rules advising people to stay at home and minimize in-person contact, one industry that has boomed is the mobile app market. In the second quarter of 2020, new downloads hit 35 billion and amassed $27 billion from in-app spending, making it the largest period for mobile app usage.

While businesses and brands look to seize the day and tackle the challenges of digital head-on, unfortunately, the growing ecosystem also opens up a new playground for those with malicious intent. The last eighteen to twenty-four months has seen an increase in digital fraud attacks, some, such as Tekya, coming at a high cost to advertisers and consumers.

What is Tekya?

In February 2020, a team at Check Point Software discovered malware known as Tekya, embedded in multiple apps across the Google Play store. Tekya generates money for cybercriminals by pretending to be a user clicking on ads and banners sourced from legitimate agencies such as Google’s AdMob, AppLovin’ and Facebook.

Tekya works using the Android MotionEvent reporting mechanism to imitate how a human user clicks on an ad. The Google Play Protect security system was unable to spot the malware by hiding within native code. The code is distributed within a software development kit (SDK) that app developers widely use worldwide, with a few lines very easy to miss.

In total, 56 Google Play store apps were affected by Tekya, with most targeting children, such as puzzle and racing games. The remainder were utility apps such as calculators, translators and downloaders. Let Me Go and Cooking Delicious were two of the most popular apps that were infected.

  • Race in Space (game – downloaded 100,000+ times)
  • Let me Go (game – downloaded 100,000+ times)
  • Cooking Delicious (game – downloaded 100,000+ times)
  • Scientific Calculator (utility app – downloaded 50,000+ times)
  • ITranslator (utility app – downloaded 50,000+ times)
  • Nightmare Parkour (game – downloaded 10,000+ times)
  • Photo & Video Downloader (utility app – downloaded 10,000+ times)

For marketers using those apps to promote their business, they would have seen a growth in click volume from their ads but minimal movement in conversion rate, given the illegitimacy of the audience. Meanwhile, fraudsters receive credit and payouts for the clicks.

Research by Professor Roberto Cabazos of the University of Baltimore found that 14% of all online ad clicks are invalid, resulting in billions of dollars in click fraud losses.

The Tekya case study and the statistics above show that users cannot solely rely on Google Play’s security measures to ensure devices are protected. Applying more advanced security to devices is becoming pivotal to combat digital fraud, which is where Fraud Blocker can help.

How to prevent mobile click fraud

As an advertiser or publisher, there are specific measures you can take to reduce the potential for click fraud. First, you can check Google Analytics to see if any IP addresses repeatedly click ads and block them manually. Second, if you target ads to particular audiences, they will be less susceptible to click fraud. Also, you should understand the type of ads you are running, such as retargeting or display ads, and how you can make them better protected from fraudsters. 

Consumers should look to multilayer mobile security solutions that can protect devices against adware and unwanted applications.

But the Fraud Blocker platform can help protect against click fraud without all the hassle. It checks for complex bots, helps locate potential click farms, understands the cause of accidental clicks, finds malicious publishers or vengeful customers. The 24/7 fraud monitoring detects fraudulent ad clicks and then blocks them from displaying in real-time while also alerting you that it has done so.

Fraud Blocker can be installed on virtually any website in less than five minutes and has the potential to save you thousands of dollars and protect your customers. Contact our team of experts today to see how we can eliminate wasteful spending and maximize your ROI.

Facebook
Twitter
LinkedIn
Email

More from Fraud Blocker