Cybercriminals have once again set their sights on Android devices, aiming to deceive unsuspecting individuals into divulging their personal and financial details.
Users are advised to promptly uninstall compromised apps linked to a new scam involving hackers engaging in advanced advertising fraud. By inundating apps with malicious advertisements, hackers can not only slow down the compromised devices but also profit from the scheme.
The recent attack, known as ‘SlopAds,’ was uncovered by the Satori Threat Intelligence and Research Team. A total of 224 Android apps were impacted by this assault, having been downloaded over 38 million times via the Google Play Store.
Security experts from the team disclosed that they had discovered and disrupted a complex ad fraud and click fraud operation named SlopAds. The threat actors behind SlopAds manage a set of 224 apps, collectively downloaded more than 38 million times across 228 countries and regions.
These apps execute their fraudulent activities using steganography, generating hidden WebViews to direct users to cashout sites owned by the threat actors. This process leads to the production of fake ad impressions and clicks. The operation and many of the apps share an artificial intelligence theme, contributing to the operation’s name.
Google has successfully removed all problematic apps to prevent new users from falling victim to ad fraud. Individuals concerned about having downloaded apps containing the SlopsAds bug will receive notifications urging them to delete the apps, as reported by the Daily Record.
To safeguard against future attacks, Android users are encouraged to keep Google’s Play Protect feature active within the app store. This feature notifies users about potentially compromised applications before installation and blocks any subsequent apps displaying behavior related to SlopAds.
Ad fraud not only impacts device users but also harms legitimate advertisers and developers as hackers deceive networks into accepting their infected advertisements. Google emphasized that ad fraud involves generating ad interactions to deceive ad networks into believing the traffic is from genuine user interest, constituting a form of invalid traffic.
Android users are advised to act promptly by removing any flagged infected apps to protect their devices.