According to Facebook, Hong Kong-based 'LionMobi' and Singapore-based 'JediMobi' app developers were distributing malicious Android apps via the official Google Play Store that exploit a technique known as "click injection fraud."
Click injection is a type of attribution fraud where fraudsters manipulate the attributions to steal the credit from the actual source of app installation in an advertising process that involves Cost Per Installation model.
Learn Insider Threat Detection with Application Response Strategies
Discover how application detection, response, and automated behavior modeling can revolutionize your defense against insider threats.Join Now
In simple words, a malicious app installed on a device automatically generates a fake click to the advertisement network with its own tracking codes when it finds that the user is installing a new app from any other source to claim itself as the source of the installation.
Therefore, Advertisers end up paying commission to the wrong sources/publishers who had no role in helping install promoted apps.
Click injection is a fairly common form of ad fraud and is not just limited to Facebook Audience Network, a platform that helps publishers monetize their third-party apps and websites with ads from global Facebook advertisers.
"LionMobi and JediMobi generated unearned payouts from Facebook for misrepresenting that a real person had clicked on the ads," Facebook said in a statement.
"The malware created fake user clicks on Facebook ads that appeared on the users' phones, giving the impression that the users had clicked on the ads."
Late last year, Cheetah Mobile—a prominent Chinese app company, known for its popular utility apps like Clean Master and Battery Doctor—were also caught up in an Android ad fraud scheme that stole millions of dollars from advertisers.
Facebook says it has banned the developers from its ad network and refunded impacted advertisers back in March 2019.
It appears Google has also suspected Play Store accounts for both, LionMobi and JediMobi, developers.