
A major mobile ad fraud operation named “SlopAds” has infiltrated the Google Play Store with 224 malicious applications that collectively garnered over 38 million downloads across 228 countries. This sophisticated campaign is one of the largest mobile fraud schemes discovered, employing advanced techniques to evade detection and deliver fraudulent advertising payloads.
The threat actors behind SlopAds utilized a conditional activation system that only triggered when users downloaded apps through specific advertising campaigns, helping the malicious apps maintain a facade of legitimacy. At its peak, the operation generated approximately 2.3 billion fraudulent bid requests daily, with significant traffic concentrated in the United States, India, and Brazil.
SlopAds implemented innovative payload delivery mechanisms, using digital steganography to hide malicious code within seemingly harmless PNG image files. This technique allowed the malware to bypass traditional security measures focused on executable files. The malicious payload was delivered via encrypted ZIP archives, which, when decrypted, executed the fraud operations.
Google has since removed all identified SlopAds applications, and users are protected through Google Play Protect, which warns about known malicious apps and blocks their installation.
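A defender-side triage check for the PNG and encrypted-ZIP delivery described above, added here as an example (it is not code from the SlopAds analysis): it walks a PNG's chunk list, flags non-standard chunks and bytes after `IEND`, and notes when that data carries a ZIP local file header with the encryption bit set. It assumes container-level hiding, which the article does not specify; data embedded in pixel values would not be caught. The function names and sample files are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_LOCAL = b"PK\x03\x04"  # ZIP local file header magic
# Chunk types from the PNG specification and its registered extensions.
KNOWN = set(b"IHDR PLTE IDAT IEND tRNS cHRM gAMA iCCP sBIT sRGB tEXt zTXt "
            b"iTXt bKGD hIST pHYs sPLT tIME eXIf".split())

def describe_zip(blob):
    """Return '' if blob has no ZIP local header, else a short description."""
    i = blob.find(ZIP_LOCAL)
    if i < 0 or len(blob) < i + 8:
        return ""
    (flags,) = struct.unpack_from("<H", blob, i + 6)  # general purpose flags
    return ", encrypted ZIP entry" if flags & 1 else ", ZIP entry"  # bit 0

def scan_png(data):
    """Walk the chunk list; return container-level anomalies as strings."""
    if not data.startswith(PNG_SIG):
        return ["not a PNG"]
    findings, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack_from(">I4s", data, pos)
        end = pos + 12 + length  # length + type + body + CRC
        if end > len(data):
            return findings + ["truncated chunk at offset %d" % pos]
        if ctype not in KNOWN:
            body = data[pos + 8:end - 4]
            findings.append("non-standard chunk %r, %d bytes%s"
                            % (ctype, length, describe_zip(body)))
        pos = end
        if ctype == b"IEND":
            break
    if pos < len(data):  # a conforming file ends with the IEND chunk
        findings.append("%d bytes after last chunk%s"
                        % (len(data) - pos, describe_zip(data[pos:])))
    return findings

def chunk(ctype, body):
    """Build one PNG chunk with a valid CRC (for the constructed samples)."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed samples: a 1x1 grayscale PNG, and the same file followed by a
# fake 30-byte ZIP local header with the encryption flag (bit 0) set.
CLEAN = (PNG_SIG + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
         + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b""))
SUSPECT = CLEAN + ZIP_LOCAL + struct.pack("<HH", 20, 1) + bytes(22)
```

Calling `scan_png(SUSPECT)` returns a single finding that names the 30 appended bytes and the encrypted ZIP entry, while `scan_png(CLEAN)` returns an empty list.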