Android users are currently facing a new threat that could potentially benefit cybercriminals financially. This threat involves the exploitation of popular apps to deploy software that engages in ad fraud, generating fake clicks in the background of the device. While users themselves do not incur direct financial losses, the threat can significantly slow down their devices, posing an undesirable situation for smartphone owners.
Referred to as SlopAds, this attack has been exacerbated by the presence of infected apps within the Google Play Store. Initially identified by the Satori Threat Intelligence and Research Team, it is estimated that around 224 Android apps have been impacted by this threat, with downloads exceeding 38 million across various regions globally.
HUMAN’s Satori Threat Intelligence and Research Team provided further insights, stating, “We have uncovered and disrupted a sophisticated ad fraud and click fraud operation known as SlopAds. The threat actors behind SlopAds manage a portfolio of 224 apps and growing, collectively downloaded from Google Play over 38 million times across 228 countries and territories. These apps employ steganography to deliver their fraud payload and create concealed WebViews to navigate to sites owned by threat actors, generating fraudulent ad impressions and clicks.”
Upon becoming aware of the issue, Google promptly removed all affected applications from its platform, preventing new infections. However, users who have already downloaded these apps may still be inadvertently contributing to the profits of cybercriminals.
To address this, it is crucial for users to remain vigilant for any alert messages. The Satori Threat Intelligence and Research Team assures that users with identified apps installed on their devices will receive notifications prompting them to uninstall the apps. This process is facilitated through Google’s default Play Protect service, which issues warnings to users for prompt action in removing any compromised apps.
Ad fraud, although not directly harmful to users, serves as a revenue-generating scheme for hackers through fake clicks. Nevertheless, this illicit activity can lead to device sluggishness due to the increased background processes. As described by Google, “Ad interactions generated to deceive an ad network into believing traffic originates from genuine user interest constitute ad fraud, a category of invalid traffic. Ad fraud may stem from developers implementing ads in unauthorized ways, such as displaying hidden ads, automatically clicking ads, modifying information, or utilizing non-human actions (spiders, bots, etc.) or human activity intended to produce invalid ad traffic. Invalid traffic and ad fraud are detrimental to advertisers, developers, and users, eroding trust in the mobile Ads ecosystem in the long run.”