Android users are currently facing a new threat that could potentially transform their devices into money-making tools for cybercriminals. This emerging attack leverages popular applications to surreptitiously install software that engages in ad fraud by generating fake clicks in the background. While this scheme doesn’t directly impact users’ finances, it can significantly slow down device performance, an undesirable outcome for smartphone owners.
Known as SlopAds, this attack has been exacerbated by the presence of infected apps on the Google Play Store. The attack was initially detected by the Satori Threat Intelligence and Research Team, and it's estimated that around 224 Android apps have been compromised, with over 38 million downloads worldwide.
According to HUMAN’s Satori Threat Intelligence and Research Team, the operators of SlopAds have orchestrated a complex ad fraud and click fraud operation involving a network of 224 apps. These apps utilize steganography techniques to conceal their malicious activities and create hidden WebViews to interact with designated cashout sites owned by threat actors, thereby generating fraudulent ad impressions and clicks.
Upon learning of this operation, Google promptly removed all tainted applications from its platform to prevent further infections. However, users who have already downloaded these apps may still unwittingly contribute to the cybercriminals' profits. To mitigate this risk, users are advised to remain vigilant for warning messages and promptly uninstall any flagged apps.
The Satori Threat Intelligence and Research Team ensures that users with the identified apps installed on their devices will receive alerts prompting them to remove the apps. This proactive approach aligns with Google's Play Protect service, which is enabled by default. If users receive a warning, it is imperative to delete the implicated app without delay.
Ad fraud, a type of cybercrime that profits from fake clicks rather than direct harm to users, can lead to device sluggishness due to the increased background activity. Google defines ad fraud as the generation of ad interactions with the intent to deceive ad networks into believing the traffic is from genuine user interest, constituting a form of invalid traffic. Developers engaging in ad fraud may employ prohibited tactics like displaying hidden ads, automated ad clicking, or manipulating data to drive invalid ad traffic.
The proliferation of invalid traffic and ad fraud poses risks to advertisers, developers, and users, eroding trust in the mobile advertising ecosystem over time.
