By Muhammad Sal
Security experts have uncovered one of the largest mobile advertising scams in recent memory, involving 224 apps on the Google Play Store that have been downloaded over 38 million times worldwide.
Known as SlopAds, this deceptive operation covertly generated fake ad impressions and clicks behind the scenes, diverting advertising funds without delivering actual engagement to brands. The fraud was detected by HUMAN’s Satori Threat Intelligence team, who promptly alerted Google.
Using sophisticated techniques such as steganography and hidden web browsers embedded within the apps, the scheme opened unseen windows that accessed cashout sites controlled by the fraudsters, accumulating a staggering 2.3 billion bid requests daily.
The scam was engineered to remain under the radar by only activating on devices that installed an app after clicking on a SlopAds-linked advertisement, while other installations stayed inactive. Researchers described this as an advanced exploitation of marketing attribution technology.
All users with these apps installed will receive warnings through Play Protect, which is automatically enabled on Android devices with Google Play Services – the report stated
The illicit traffic generated by SlopAds spanned 228 countries, with the bulk of the activity coming from the United States (31%), followed by India (11%) and Brazil (7%). Many of the involved apps, along with related servers and domains, carried an AI motif, inspiring the campaign’s name.
In addition to generating bogus ad views, the apps collected extensive device and browser data, enabling the perpetrators to fine-tune their operations. Encrypted commands, delivered through Google’s Firebase platform, instructed the apps to load fraud modules, access cashout sites, and execute scripts critical to revenue generation.
In some cases, even the fraud management components were concealed within PNG image files, later reconstructed on users’ devices to form executable code. One notable cashout technique involved HTML5 games and news websites controlled by the scammers, which displayed ads at high frequency in hidden browser windows, unseen by users. Advertisers, however, paid for impressions and clicks that never reached actual audiences.
To users, these applications seemed harmless but quietly consumed device resources in the background. For advertisers, the consequences translated into millions of dollars lost to phantom ad engagements.
Unfortunately, this is not the first instance of malicious apps exploiting the Google Play Store to deceive users and advertisers. Last October, researchers from the Zscaler ThreatLabz team uncovered more than 200 harmful apps downloaded nearly eight million times.
The report also stated that Nigeria ranks among the top ten countries targeted by mobile malware attacks, alongside India, the US, Canada, South Africa, the Netherlands, Mexico, Brazil, Singapore, and the Philippines.
Experts urge continued vigilance and enhanced security measures to protect both consumers and brands from increasingly sophisticated digital threats.
We’d love your thoughts on this article! Was the information relevant to you?
