HUMAN Security’s Satori team has uncovered “SlopAds,” a sophisticated ad fraud operation involving 224 Android apps downloaded over 38 million times across 228 countries^[1]. The apps use steganography to hide malicious code within PNG files and create hidden WebViews to generate fraudulent ad impressions and clicks^[1:1].

Key findings:

• Generated 2.3 billion daily bid requests at peak
• Heaviest traffic from US (30%), India (10%), and Brazil (7%)
• Only activated fraud for downloads traced to threat actor ad campaigns
• Used attribution tools and multiple layers of obfuscation to avoid detection
• Operated through extensive network of command-and-control servers

Google has removed the identified apps and enabled Google Play Protect warnings to block future installations^[1:2]. HUMAN’s Ad Fraud Defense and Ad Click Defense customers are protected from SlopAds’ impact^[1:3].

App list Domain list