A huge Android ad fraud network was distributing malware through 224 apps - until Google fought back

  • SlopAds was a massive ad fraud scheme involving over 224 AI-themed apps that generated fake ad views and clicks
  • The apps were downloaded more than 38 million times globally, and the operation peaked at 2.3 billion ad bid requests per day
  • Google removed the apps and alerted affected users

Security researchers from HUMAN’s Satori Threat Intelligence and Research Team, together with Google, uncovered and dismantled a gigantic ad and click fraud operation, counting hundreds of apps, millions of downloads, and billions of daily ad bid requests.

The operation revolved around having victims generate fake ad views and clicks, essentially defrauding advertisers and ad networks out of their money.

The threat actors created at least 224 AI-themed apps (although the researchers said the number of apps grew by the day), all of which were hosted on the Google Play Store.

Removing the apps

If a victim downloaded one of the apps via an ad (as opposed to directly from the repository), the app would download a malicious payload called FatModule, which created invisible WebViews (built-in browsers).

These browsers, hidden from the victims’ view, loaded websites owned by the attackers, often either fake news sites or HTML5 games. Once loaded, the WebViews would simulate ad clicks and impressions, basically turning the compromised smartphone into a ghost click farm.

The researchers dubbed the operation SlopAds.

Collectively, the apps were downloaded more than 38 million times, from 228 different countries and territories (the entire world, practically). At its peak, SlopAds accounted for 2.3 billion bid requests a day, HUMAN further explained, stating that the traffic from apps associated with SlopAds came from all over the world.

Still, most of the traffic originated either in the United States (30%), India (10%), or Brazil (7%).

HUMAN notified Google about their findings, and the search engine giant removed all of the identified apps from Google Play. Furthermore, the company said it notified everyone who had installed any of the malicious apps, suggesting victims remove them from their devices immediately.

However, that doesn’t mean SlopAds is done for good: “The sophistication of SlopAds suggests the threat actors will likely adapt their scheme again to try to continue to defraud the digital advertising ecosystem,” HUMAN warned.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.