A massive Android ad fraud operation dubbed "SlopAds" was disrupted after 224 malicious applications on Google Play were used to generate 2.3 billion ad requests per day.
The ad fraud campaign was discovered by HUMAN's Satori Threat Intelligence team, which reported that the apps were downloaded over 38 million times and employed obfuscation and steganography to conceal the malicious behavior from Google and security tools.
The campaign was worldwide, with users installing the apps from 228 countries, and SlopAds traffic accounting for 2.3 billion bid requests every day. The highest concentration of ad impressions originated from the United States (30%), followed by India (10%) and Brazil (7%).
"Researchers dubbed this operation 'SlopAds' because the apps associated with the threat have the veneer of being mass produced, a la 'AI slop', and as a reference to a collection of AI-themed applications and services hosted on the threat actors' C2 server," explained HUMAN.
Android apps associated with SlopAds ad fraud campaign
Source: HUMAN Satori
The SlopAds ad fraud campaign
The ad fraud contained multiple levels of evasion tactics to avoid being detected by Google's app review process and security software.
If a user installed a SlopAd app organically through the Play Store, without coming from one of the campaign's ads, it would act as a normal app, performing the advertised functionality as normal.
SlopAds ad fraud malware workflow
... continue reading