- A large-scale ad fraud scheme called SlopAds involved 224 apps and gathered 38 million downloads worldwide.
- The scheme used hidden app features and steganography to generate fake ad impressions and clicks.
- At its peak, the operation saw 2.3 billion ad bid requests daily, with most activity from the U.S., India, and Brazil.
- Google removed all identified apps from the Play Store following an investigation by HUMAN’s Satori Threat Intelligence and Research Team.
- The attack triggered fraud only after certain types of downloads, making detection harder and adding to the complexity of mobile ad fraud threats.
A coordinated mobile ad fraud effort known as SlopAds operated across a network of 224 apps, reaching 38 million downloads in more than 220 countries and territories. The scheme, identified by HUMAN’s Satori Threat Intelligence and Research Team, aimed to create fake ad impressions and clicks to generate profit.
The team reported that these apps used advanced techniques such as steganography—hiding information inside image files—and concealed WebViews, which let the apps access threat actor-operated websites without user awareness. The fraudulent activity led to about 2.3 billion bid requests each day at its height. Most of the traffic originated from the United States (30%), India (10%), and Brazil (7%). Google responded by taking all related apps off the Play Store, stopping the scheme’s operations.
According to HUMAN, the deceptive behavior occurred only when the app was downloaded after clicking an ad. In these cases, the app reached out to a command-and-control server to download “FatModule,” a hidden code layer that enabled the fraud. If the app was installed organically, without following an ad link, it acted normally. “From developing and publishing apps that only commit fraud under certain circumstances to adding layer upon layer of obfuscation, SlopAds reinforces the notion that threats to the digital advertising ecosystem are only growing in sophistication,” HUMAN researchers said.
The “FatModule” component was hidden inside four PNG images, which the app decrypted and reassembled on the device. It collected device and browser information and executed ad fraud using hidden WebViews—a feature that allows web content to run inside an app. In this scheme, the fraudsters directed traffic to their own gaming and news websites, which displayed ads in invisible windows to collect revenue.
Researchers also noted that around 300 domains promoted SlopAds apps, often linking back to a main control server. The case follows a similar event earlier this year, when HUMAN discovered another ad fraud scheme involving 352 Android apps called IconAds. “SlopAds highlights the evolving sophistication of mobile ad fraud, including stealthy, conditional fraud execution and rapid scaling capabilities,” said Gavin Reid, CISO at HUMAN.
These developments emphasize increasing efforts by fraud actors to hide their activities and evade ad fraud detection methods.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Pepe (PEPE) Faces 30% Drop Amid Bearish Market Correction
- Bitcoin Adoption Grows in El Salvador, Africa, and Vancouver Merchants
- Federal Reserve Rate Cut Looms Amid Political Turmoil, Crypto Reacts
- Sonic Labs Invests in FinChain to Boost On-Chain RWA Settlement
- New FileFix Social Engineering Attack Delivers StealC Malware
