Cyber attackers are once more focusing on Android devices to deceive unsuspecting individuals into divulging their personal and financial details.
Users are advised to promptly uninstall compromised apps associated with a new scam that involves hackers executing an advanced form of advertising fraud. By inundating apps with malicious advertisements, hackers can hinder the performance of the compromised devices while profiting themselves.
Identified by the Satori Threat Intelligence and Research Team, the recent assault, named ‘SlopAds’, impacted 224 Android apps, collectively downloaded over 38 million times from the Google Play Store.
The team’s security experts disclosed, “HUMAN’s Satori Threat Intelligence and Research Team has exposed and disrupted an intricate ad fraud and click fraud scheme known as SlopAds. The operators of SlopAds control a set of 224 apps, downloaded from Google Play more than 38 million times across 228 countries and territories.
“These apps distribute their fraudulent content using steganography and generate hidden WebViews to navigate to sites owned by the threat actors, producing fake ad impressions and clicks. The operators’ infrastructure and many apps revolve around an AI theme, influencing the operation’s name.”
It is crucial to note that Google has eradicated all problematic apps, preventing new users from falling victim to ad fraud. Anyone worried about having downloaded an application containing the SlopsAds bug will receive an alert prompting them to delete the apps.
To shield against potential attacks, Android users are advised to keep Google’s Play Protect feature enabled within the app store. This feature notifies users of potentially corrupted applications before installation and blocks apps exhibiting behavior associated with SlopAds.
Ad fraud not only impacts device users but also legitimate advertisers and developers as hackers deceive networks into allowing their infected ads. Google clarified, “Ad interactions created to deceive an ad network into thinking traffic is from genuine user interest constitute ad fraud, a type of invalid traffic.
“Ad fraud can arise when developers misuse ads, like displaying hidden ads, automatically clicking ads, altering information, or engaging in non-human actions (spiders, bots, etc.) or human activities designed to produce invalid ad traffic. Invalid traffic and ad fraud harm advertisers, developers, and users, eroding trust in the mobile Ads ecosystem over time.”
Android users are advised to act promptly and delete any flagged apps to protect their devices.