
Google disrupts ‘SlopAds’ fraud campaign affecting hundreds of Android apps

Cybersecurity researchers have discovered and dismantled an ad-fraud campaign that used hundreds of apps available on the Google Play Store.

SlopAds used more than 224 apps to commit ad fraud. (Image Source: HUMAN)

Researchers at HUMAN’s Satori Threat Intelligence and Research Team recently uncovered and disrupted a massive ad fraud operation called SlopAds that operated on a collection of at least 224 apps.

These apps, available on the Google Play Store, had more than 38 million downloads across 228 countries and territories, and delivered a fraud payload using hidden WebViews that helped them navigate to the threat actor’s cashout sites.

In a blog post, HUMAN explains that many of these malicious apps share an AI theme and are mass-produced, which is why the researchers named the campaign “SlopAds”. Researchers say these apps hid themselves and used a number of tricks to bypass Google’s sophisticated security measures.

SlopAds traffic accounted for 2.3 billion requests every day, with the majority of them coming from the United States (30 per cent), India (10 per cent) and Brazil (7 per cent).

How did the SlopAds campaign work?

When users installed any of the SlopAds-infected apps from the Google Play Store, the apps operated as normal apps, showing no signs of malicious activity. But if a user downloaded the app after clicking on a fake ad, the app was downloaded alongside an encrypted configuration file that contains a malicious payload.

SlopAds hid a malicious APK archive in PNG images, which, when assembled, collected user and device data to send to a control server operated by the threat actor.

The complete malware, called FatModule, used hidden WebViews to navigate to promotional domains to generate ad revenue for the attackers. HUMAN says the campaign included more than 300 promotional domains and that the threat actors wanted to expand their operation.


And while Google has removed all known SlopAds apps from the Play Store and updated Play Protect to warn users about the threat, the threat actors might relaunch their ad fraud campaign under a different name or wait for a while before striking again.
