Facebook said it filed a lawsuit today against two Android app developers from Asia for orchestrating a "click injection fraud" scheme against Facebook ads.
The two app developers are LionMobi, based in Hong Kong, and JediMobi, based in Singapore. Facebook said the two companies created apps with malware-like features and made them available via the official Google Play Store [LionMobi profile; JediMobi profile].
Both LionMobi and JediMobi apps were using Facebook ads to monetize their apps. Once real users installed the apps on their phones, malicious code hidden inside the apps would generate fake user clicks on Facebook ads.
These fake clicks would give the Facebook advertising platform the false impression that real users had clicked on the ads.
Using this scheme, known as click fraud, the two app makers earned money from Facebook's advertising program, the Facebook Audience Network.
In addition, Facebook said one of the app makers -- LionMobi -- also advertised its malicious apps on the Facebook platform, in violation of the company's advertising policies.
As a result of this scheme, Facebook said it had to refund all advertisers who paid to have their ads on the Facebook Audience Network platform, and had their ads clicked via this fraudulent method. This happened in March 2019.
The social network is now suing the two app makers as a result in what Jessica Romero, Director of Platform Enforcement and Litigation, called "the first of its kind against this practice."
A Facebook spokesperson did not immediately respond to a request for comment.
Google, despite advances in its app scanning capabilities, has had a hard time detecting and preventing these apps from being uploaded on the Play Store for years.
Related cybersecurity coverage:
- Telegram rolls out fix for voicemail hack used against Brazilian politicians
- Google researchers disclose vulnerabilities for 'interactionless' iOS attacks
- AT&T employees took bribes to plant malware on the company's network
- US military purchased $32.8m worth of electronics with known security risks
- GitHub sued for aiding hacking in Capital One breach
- Cisco to pay $8.6 million for selling vulnerable software to US government
- iOS developers still failing to build end-to-end encryption into apps TechRepublic
- The best identity theft monitoring services for 2019 CNET