HUMAN Security’s Satori team has uncovered “SlopAds,” a sophisticated ad fraud operation involving 224 Android apps downloaded over 38 million times across 228 countries[1]. The apps use steganography to hide malicious code within PNG files and create hidden WebViews to generate fraudulent ad impressions and clicks[1:1].
Key findings:
- Generated 2.3 billion daily bid requests at peak
- Heaviest traffic from US (30%), India (10%), and Brazil (7%)
- Only activated fraud for downloads traced to threat actor ad campaigns
- Used attribution tools and multiple layers of obfuscation to avoid detection
- Operated through extensive network of command-and-control servers
Google has removed the identified apps and enabled Google Play Protect warnings to block future installations[1:2]. HUMAN’s Ad Fraud Defense and Ad Click Defense customers are protected from SlopAds’ impact[1:3].
Google Play never was a reliable source and Google Play Protect never protect against anything as shown here, that infected apps are only removed after reporting it, as ocurred also in the past. If you don’t use an third party AV in Android, eg.BitDefender, valid even the free version, you don`t have any protection by Google against Malware.