In an effort to combat digital ad fraud, Google has partnered with the Satori Threat Intelligence and Research Team from HUMAN to dismantle a significant operation identified as SlopAds. The fraudulent scheme relied on over 224 AI-themed applications that, at their peak, produced a staggering 2.3 billion ad bid requests per day. These apps were downloaded more than 38 million times in approximately 228 countries and territories.
The SlopAds operation involved a complex network of fake ad views and clicks, manipulating the perception of user engagement. Victims, through deceptive advertisements, unwittingly installed apps laden with a malicious payload known as FatModule. This software component orchestrated the creation of invisible WebViews, which loaded attacker-controlled sites, simulating advertisement impressions and clicks. As a result, infected devices essentially became ghost click farms, inflating ad metrics and skewing data analytics for advertisers.
Global Impact and Response
A significant portion of the fraudulent activity was traced back to major markets like the United States, accounting for 30% of the traffic, followed by India with 10%, and Brazil with 7%. This wide geographic distribution underscores the extensive reach of the SlopAds operation.
Upon discovery, HUMAN's team quickly notified Google of the compromised apps. In response, Google acted promptly to remove the malicious applications from the Google Play Store and issued alerts to those affected, advising users to uninstall the fraudulent apps from their devices. Despite this decisive action, HUMAN has cautioned that the perpetrators might modify their approach to continue their fraudulent activities elsewhere within the digital advertising ecosystem.
- 224 AI-themed apps involved in the SlopAds operation.
- 38 million downloads across 228 countries.
- 2.3 billion ad bid requests generated daily at peak.
- 30% of traffic originated in the United States.
The SlopAds operation highlights the ongoing challenge of securing the digital advertising space against fraudulent schemes. The collaboration between Google and HUMAN exemplifies a proactive approach to safeguarding advertisers and consumers from such deceptive practices. Stakeholders in the digital ad ecosystem are called to remain vigilant and adaptive to emerging threats to maintain the integrity and trustworthiness of digital advertising.
