Date: 2025-11-08

Hundreds of fake apps and millions of downloads contributing to billions in ad fraud – welcome to the brave new world of ghost click farms.

In September, security researchers uncovered SlopAds, a malicious app operation that turned 38 million Android devices into invisible fraud nodes.

This scheme secretly co-opted user smartphones into a massive distributed network that, at its peak, generated 2.3 billion ad bid requests every day.

Unlike traditional click farms, where rows of smartphones imitate customers, ghost click farms leverage personal devices to carry out the fraud invisibly and remotely, unlocking new scale and hindering detection.

To make matters worse, AI tools empower ad fraud actors to better automate attacks and do more with less.

This is a red flag for enterprises. Global ad fraud drains more than 20% of digital marketing spend and scams like this exacerbate an expensive problem.

Let’s take a deeper dive into this phenomenon and how companies, armed with their own smart tools and enhanced defenses, can fight back.

New scale, scope, and sophistication

The SlopAds fraudsters operated more than 200 AI-themed apps (like productivity tools and text-to-image creators) to capitalize on consumer interest and generate downloads.

These were cheap app interfaces designed to look legitimate on Google Play – much like mass-produced “AI slop,” hence the name – but they technically performed as advertised.

However, a clever deception worked to both compromise select devices and cover up the scheme. Only users who discovered the app via a threat actor-run ad campaign (rather than finding it organically) would trigger a fraud payload in the background.

These apps quietly launched a malicious module and an invisible browser to load “cashout” sites filled with ads. By simulating human behaviors like scrolling, clicking, and viewing, the malware generated billions of fraudulent ad impressions with users none the wiser.

The goal was money, pure and simple. Fraudsters directed the ghost click farms to games and news websites they controlled, with every fake impression resulting in micro-payments that added up to millions of dollars.

Unfortunately, this is big business across the internet, with ad fraud outstripping credit card fraud as one of the world’s most lucrative digital crimes. Bad actors in this space enjoy higher margins and lower risk, while businesses and legitimate advertisers foot the bill.

AI further complicates ad fraud

In perhaps a sign of things to come, AI played a pivotal role in this network’s lure and attack mechanism. Not only did fraudsters attract downloads with AI hype, but they also used automation and mimicry to bypass platform filters.

The widespread availability of generative tools and their application in fraud threatens marketing metrics, trust, and outcomes across the board.

Bots like this skew click-through rates, kill conversions, and poison performance data. Likewise, ad platforms use auction systems to determine cost, so fraudulent “demand” artificially inflates prices.

Taking this a step further, it’s easy to imagine the weaponization of this technology in targeted attacks – a competitor could deploy ghost click farms via fraud-as-a-service to damage campaigns during critical periods.

With ad fraud projected to reach more than $170B by 2028, many marketers want to fight fire with fire. As a result, enterprises are increasingly incorporating AI to identify anomalous patterns that human analysts and traditional rules-based systems miss.

This is a cat-and-mouse game with fraudsters currently holding an edge they didn’t have a year ago. We’re battling bad actors in a productivity boom – we, too, must therefore adopt smarter tools and better methods to protect ad impact going forward.

How enterprises fight fake clicks

This is something that enterprises of all sizes need to consider now. Ad fraud wastes one out of every five marketing dollars and better tech in this space threatens even worse returns.

Begin by auditing campaigns for exposure patterns. This includes sudden traffic spikes from specific geographies, unusually high click-through rates with low conversions, and repetitive IP addresses.
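An added example (not from the original article) of the audit described above, run over constructed click records: it flags geographies whose latest-day clicks spike against their own history, IP addresses that repeat, and traffic sources with high click-through but almost no conversions. The field names, thresholds, and sample data are assumptions for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

# Thresholds are illustrative assumptions, not industry standards; tune per campaign.
GEO_SPIKE_FACTOR = 5            # latest day vs. median of the geo's earlier days
MAX_CLICKS_PER_IP = 3           # clicks tolerated from one IP in the audit window
MIN_CTR, MAX_CVR = 0.10, 0.01   # "high CTR, low conversion" cut-offs

def geo_spikes(clicks):
    """Return geos whose click count on the latest day far exceeds their baseline."""
    per_geo = defaultdict(Counter)
    for c in clicks:
        per_geo[c["geo"]][c["day"]] += 1
    last_day = max(c["day"] for c in clicks)  # ISO dates sort lexically
    flagged = []
    for geo, days in per_geo.items():
        history = [n for d, n in days.items() if d != last_day]
        baseline = median(history) if history else 0
        if days[last_day] > GEO_SPIKE_FACTOR * max(baseline, 1):
            flagged.append(geo)
    return sorted(flagged)

def repeated_ips(clicks):
    """Return IPs that clicked more often than MAX_CLICKS_PER_IP."""
    counts = Counter(c["ip"] for c in clicks)
    return sorted(ip for ip, n in counts.items() if n > MAX_CLICKS_PER_IP)

def high_ctr_low_conversion(stats):
    """stats maps source -> (impressions, clicks, conversions)."""
    return sorted(
        src for src, (imps, clicks, convs) in stats.items()
        if imps and clicks and clicks / imps >= MIN_CTR and convs / clicks <= MAX_CVR
    )

# Constructed sample data (documentation IP ranges, placeholder geo "ZZ").
def make_clicks(day, geo, ips):
    return [{"day": day, "geo": geo, "ip": ip} for ip in ips]

SAMPLE_CLICKS = (
    make_clicks("2025-01-01", "US", [f"198.51.100.{i}" for i in range(10, 14)])
    + make_clicks("2025-01-02", "US", [f"198.51.100.{i}" for i in range(20, 25)])
    + make_clicks("2025-01-03", "US", [f"198.51.100.{i}" for i in range(30, 34)])
    + make_clicks("2025-01-01", "ZZ", ["203.0.113.1"])
    + make_clicks("2025-01-02", "ZZ", ["203.0.113.2"])
    + make_clicks("2025-01-03", "ZZ", ["203.0.113.7"] * 8 + ["203.0.113.9"] * 4)
)
SAMPLE_STATS = {"search": (10000, 200, 12), "display_app_x": (5000, 900, 2)}
```

On the sample data, the "ZZ" geography, the two repeating 203.0.113.x addresses, and the "display_app_x" source are flagged, while the steady US traffic and the search source are not.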

Additionally, with Google only catching 10% of invalid clicks, operate under the assumption that platform-provided fraud protection isn’t enough. Third-party partners can help layer in smarter detection tools to catch bot-like clicking patterns and device fingerprinting inconsistencies as they happen.

This matters because time is critical. SlopAds scaled up over months and siphoned millions before discovery, making real-time detection non-negotiable.

Improved collaboration between network security and marketing teams is a good way to track unusual browser activity, unexpected API calls to attribution platforms, and suspicious command-and-control server communication patterns.

Treating ad fraud as a cybersecurity issue, and not just a marketing problem, introduces much-needed internal expertise and attention to the issue.

AI emboldens cybercriminals and equips them to reach new heights of ad fraud. In fact, the ghost click farm scheme was so successful that researchers believe the threat actors will likely adapt it again to target the digital advertising ecosystem.

This brave new world demands brave new defenses – and it’s up to enterprises to move in lockstep.

