Android users are currently at risk due to a new threat that could potentially transform their devices into money-making tools for cybercriminals. This new attack leverages popular applications to install software that engages in ad fraud by generating fake clicks in the background. While users do not directly lose money, this threat can significantly slow down their devices, causing inconvenience.
This attack, known as SlopAds, has been exacerbated by the presence of infected apps on the Google Play Store. Initially identified by the Satori Threat Intelligence and Research Team, approximately 224 Android apps have been affected, with downloads exceeding 38 million worldwide.
According to HUMAN’s Satori Threat Intelligence and Research Team, the SlopAds operation involves a network of 224 apps, downloaded over 38 million times from Google Play across 228 countries and territories. These apps employ steganography techniques and create hidden WebViews to navigate to websites owned by threat actors, generating fraudulent ad impressions and clicks.
Google has responded promptly to this issue by removing all malicious applications from its platform. While new users are no longer at risk, existing users who have downloaded these apps may still unknowingly contribute to the profitability of cybercriminals. Therefore, it is crucial for users to remain vigilant for any warning messages.
Users with identified malicious apps installed on their devices will receive alerts and instructions to uninstall them as part of Google’s Play Protect service, which is enabled by default. If a warning message is received, users should promptly delete the app to mitigate the risk.
Ad fraud, which is the primary objective of this attack, does not directly harm users but rather benefits hackers by generating fake clicks in the background. However, it can lead to device slowdowns due to increased background activity. Google defines ad fraud as the generation of ad interactions to deceive ad networks into believing the traffic is from genuine user interest, constituting a form of invalid traffic. This practice is detrimental to advertisers, developers, and users, eroding trust in the mobile advertising ecosystem over time.