Android users are currently facing a new threat that could transform their devices into money-making tools for cybercriminals. This fresh attack leverages popular applications to install software that engages in ad fraud by generating fake clicks in the background. While users do not incur direct financial losses, this malicious activity can significantly slow down their devices.
Known as SlopAds, this attack has been made worse by the presence of infected apps on the Google Play Store. The Satori Threat Intelligence and Research Team, which initially identified it, found that a substantial 224 Android apps have been affected, collectively amassing over 38 million downloads worldwide.
According to HUMAN’s Satori Threat Intelligence and Research Team, the perpetrators behind SlopAds are orchestrating an elaborate ad fraud scheme through a network of 224 apps. These apps utilize steganography techniques to embed malicious content and create concealed WebViews that redirect to sites controlled by the threat actors, subsequently generating fake ad impressions and clicks.
Upon notification, Google swiftly removed all implicated applications from its platform to prevent further infections. However, existing users who have downloaded these apps may still unknowingly contribute to fraudulent activities.
To mitigate the risk, users who have any of the identified apps installed on their devices will receive alerts prompting them to uninstall the applications. This process is facilitated by Google’s Play Protect service, which automatically notifies users of potential threats. If a warning message appears, users are advised to remove the app immediately.
Ad fraud, the underlying tactic in this attack, aims to benefit cybercriminals by orchestrating fake clicks without directly harming users. Nevertheless, the excessive background activity can overload devices, leading to performance issues. Google defines ad fraud as the manipulation of ad interactions to deceive ad networks, ultimately producing invalid traffic. This deceptive practice undermines trust within the mobile advertising ecosystem, adversely affecting advertisers, developers, and users alike.