Android is once again under attack. This time the threat comes from cyber crooks committing sophisticated ad fraud, which can earn them huge sums of money while possibly slowing down infected devices. The new operation, dubbed SlopAds, was first spotted by the Satori Threat Intelligence and Research Team, and a whopping 224 Android apps are thought to have been infected.
These were then downloaded over 38 million times via Google’s Play Store.
“HUMAN’s Satori Threat Intelligence and Research Team has uncovered and disrupted a sophisticated ad fraud and click fraud operation dubbed SlopAds,” the security experts confirmed.
“The threat actors behind SlopAds operate a collection of 224 apps and growing, collectively downloaded from Google Play more than 38 million times across 228 countries and territories.
“These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks. The threat actors’ infrastructure and many of the apps share an AI theme, contributing to the name of the operation.”
It’s been confirmed that Google has now removed all the offending applications, which means no new users can be affected.
Users are automatically protected if they have Google Play Protect switched on. It will warn about and block future apps known to exhibit SlopAds-associated behavior at install time.
What if you have already installed an app infected with SlopAds?
The Satori Threat Intelligence and Research Team says that all users who have these identified apps installed on their devices will receive a warning and will be prompted to uninstall them.
Play Protect is on by default on Android devices with Google Play Services.
So, keep an eye out for those alerts and don’t ignore them. If you are told to delete an app from your Android phone, do it without delay.
What is ad fraud?
As Google explains, “Ad interactions generated for the purpose of tricking an ad network into believing traffic is from authentic user interest is ad fraud, which is a form of invalid traffic.
“Ad fraud may be the byproduct of developers implementing ads in disallowed ways, such as showing hidden ads, automatically clicking ads, altering or modifying information and otherwise leveraging non-human actions (spiders, bots, etc.) or human activity designed to produce invalid ad traffic.
“Invalid traffic and ad fraud is harmful to advertisers, developers, and users, and leads to long-term loss of trust in the mobile Ads ecosystem.”