Security researchers have discovered a new ad-fraud campaign called SlopAds, impacting millions of Android users globally. The campaign involves 224 apps downloaded more than 38 million times across 228 countries, as identified by the Satori Threat Intelligence and Research Team.
Attack Details and Removal
The SlopAds campaign was executed using steganography to embed malicious ads within apps, creating hidden WebViews that navigate to cashout sites. This method generates fraudulent ad impressions and clicks. Following the discovery, Google has removed the affected apps from the Play Store and will notify users to uninstall them.
User Protection Measures
To safeguard their devices, users are advised to enable Google’s Play Protect. This feature helps in blocking potentially harmful apps and mitigating risks of similar future campaigns. Google aims to maintain trust in the mobile advertising ecosystem by addressing such threats.
