Android users are currently facing a new threat that potentially transforms their devices into profit machines for cyber attackers. This emerging attack leverages popular applications to install software that engages in ad fraud by running discreetly in the background, generating fake clicks. While users may not incur direct financial losses, the threat can significantly slow down device performance, posing an unwelcome risk for smartphone users.
The threat, dubbed SlopAds, has been exacerbated by the presence of infected apps within the Google Play Store. First identified by the Satori Threat Intelligence and Research Team, SlopAds is estimated to have affected 224 Android apps, which have amassed over 38 million downloads worldwide.
HUMAN’s Satori Threat Intelligence and Research Team elaborated on the situation, stating, “We have discovered and disrupted a sophisticated ad fraud and click fraud scheme known as SlopAds. The operators of SlopAds manage a group of 224 apps, downloaded collectively more than 38 million times from Google Play across 228 countries and territories. These apps deploy intricate techniques such as steganography to deliver their fraudulent payload, creating obscured WebViews to navigate to malicious sites owned by threat actors, thereby generating counterfeit ad impressions and clicks.”
Upon being alerted to the issue, Google swiftly removed all offending applications from its platform, preventing new infections. However, existing users who have downloaded the implicated apps may still inadvertently contribute to the profits of cyber criminals.
To mitigate risks, users are advised to remain vigilant for warning messages. The Satori Threat Intelligence and Research Team assures that individuals with identified apps on their devices will receive alerts prompting them to uninstall the applications. This process is facilitated through Google’s Play Protect service, which is enabled by default. In the event of a warning, immediate removal of the app is strongly recommended to safeguard against potential threats.
Ad fraud, a peculiar form of cyberattack, profits perpetrators by generating fake clicks without directly harming users. Despite the absence of financial losses, the operation can overload devices, resulting in decreased performance. Google defines ad fraud as the manipulation of ad interactions to deceive ad networks into believing that the traffic originates from authentic user interest, constituting a form of invalid traffic. This deceptive practice, harmful to advertisers, developers, and users, erodes trust within the mobile advertising ecosystem.
