Incentivized by monetary gain, some app developers launch fraudulent campaigns to boost their apps' rankings in the mobile app stores. They pay some service providers for boost services, which then organize large groups of collusive attackers to take fraudulent actions such as posting high app ratings or inflating apps' downloads. If not addressed timely, such attacks will increasingly damage the healthiness of app ecosystems. In this work, we propose a novel approach to identify attackers of collusive promotion groups in an app store. Our approach exploits the unusual ranking change patterns of apps to identify promoted apps, measures their pairwise similarity, forms targeted app clusters (TACs), and finally identifies the collusive group members. Our evalu-ation based on a dataset of Apple's China App store has demonstrated that our approach is able and scalable to re- port highly suspicious apps and reviewers. App stores may use our techniques to narrow down the suspicious lists for further investigation.