- Slopads was a massive ad fruit that involved over 224 AI-themed apps that generated fake ad views and clicks
- Apps were downloaded more than 38 million times globally and topped with 2.3 billion ad bid requests by day
- Google removed apps and warned affected users
Security researchers from human satori threat information and research team, along with Google, uncovered and dismantled a gigantic ad and clicked fraud surgery that counts hundreds of apps, millions of downloads and billions of daily requests for ad bid.
The operation was about getting victims generating fake ad views and clicks, which essentially scammed advertisers and ad networks out of their money.
Those threat actors created at least 224 AI-themed apps (though the researchers said the number of apps grew during the day), all of which hosted the Google Play store.
Removal of apps
If a victim downloaded it via an ad (unlike directly from the depot), the app would download a malicious payload called Fatmodule, which created invisible webviews (built -in browsers).
These browsers, hidden from the victims’ vision, load sites owned by attackers who are often either fake news sites or HTML5 games. Once webviews were loaded, simulating advertising clicks and impressions and basically transform the compromised smartphone into a ghost click yard.
The researchers called the slopes of the operation.
Overall, apps were downloaded more than 38 million times from 228 different countries and territories (worldwide, practically). At his highest, slopades signed for 2.3 billion bidding requests a day, explained humanly further, saying that the traffic from apps associated with slopades came from all over the world.
Still, most of the traffic is either in the US (30%), India (10%) or Brazil (7%).
Human informed Google of their findings and the search engine removed all the identified apps from Google Play. Furthermore, the company said it informed anyone who had installed any of the malicious apps, suggesting that sacrifices immediately remove them from their devices.
However, this does not mean that slopades are done too well: “Sophistication of slopads suggests that threat actors are likely to adjust their scheme to try to continue to scam the digital advertising ecosystem,” warned human.
