Android users are currently facing a new threat that could potentially transform their devices into money-making tools for cyber criminals. This latest attack involves the exploitation of popular apps to install malicious software designed to carry out ad fraud. The malicious software operates surreptitiously in the background of the device, generating fake clicks. While users do not directly lose money, this threat can significantly slow down devices, posing an undesirable risk for smartphone users.
This attack, known as SlopAds, has been exacerbated by the presence of infected apps on the Google Play Store. Initially identified by the Satori Threat Intelligence and Research Team, an alarming 224 Android apps were found to be affected by this threat. These apps have collectively garnered over 38 million downloads worldwide.
The HUMAN’s Satori Threat Intelligence and Research Team shed light on the operation behind SlopAds, stating, “We have uncovered and disrupted a sophisticated ad fraud and click fraud operation dubbed SlopAds. The threat actors responsible for SlopAds manage a network of 224 apps, downloaded from the Google Play Store over 38 million times across 228 countries and territories. These apps utilize steganography to deliver fraudulent content and create hidden WebViews to redirect to the threat actor’s fraudulent ad sites, leading to the generation of fake ad impressions and clicks.”
Upon being alerted to the issue, Google took swift action by removing all offending applications from its platform. While new users are now safeguarded from potential infection, existing users who have downloaded the affected apps may unknowingly be contributing to illicit activities. Hence, vigilance is crucial to mitigate the risks posed by this threat.
The Satori Threat Intelligence and Research Team has assured that users with identified apps on their devices will receive an alert prompting them to uninstall the apps. This aligns with Google’s Play Protect service, which is enabled by default. Users encountering warnings are advised to promptly remove the implicated apps to prevent further harm.
Ad fraud, a deceptive scheme that benefits cybercriminals through fake clicks, does not directly harm users but can lead to device slowdowns due to increased background activity. Google defines ad fraud as the generation of ad interactions aimed at deceiving ad networks into believing traffic originates from genuine user interest, constituting as invalid traffic. This practice, a form of ad fraud, can result from developers implementing ads in unauthorized ways, such as displaying hidden ads or engaging in non-human or human activity designed to produce invalid ad traffic. The proliferation of invalid traffic and ad fraud not only harms advertisers and developers but also erodes trust within the mobile Ads ecosystem.
By understanding the risks associated with ad fraud and promptly addressing any suspicious activity, users can protect themselves and contribute to a more secure digital environment.