Security researchers have uncovered one of the largest mobile ad fraud operations in recent years, involving 224 apps on the Google Play Store with over 38 million downloads worldwide. The scheme, named SlopAds, secretly generated fake ad views and clicks in the background, siphoning advertising dollars without providing real engagement to brands. The discovery was made by HUMAN’s Satori Threat Intelligence team, who promptly reported the malicious apps to Google.
Google has since removed all affected apps from the Play Store and activated Play Protect, its automatic security system that warns users and prompts them to uninstall harmful software. The fraudulent campaign relied on sophisticated techniques, including steganography and WebViews (miniature browsers embedded in apps), to conceal ad activity and navigate users to fraud-controlled cashout sites. At its peak, SlopAds produced a staggering 2.3 billion ad bid requests per day, underlining the scale and financial impact of the operation.
What made SlopAds particularly insidious was its selective targeting. Only devices that installed the apps after clicking on a SlopAds-controlled ad were activated to commit fraud, while other installations remained dormant. Researchers described this as a “novel abuse of marketing attribution technology,” demonstrating how ad fraud tactics have become increasingly sophisticated. The apps also collected device and browser data, allowing fraudsters to tailor operations and maximize revenue.
The global reach of SlopAds was extensive, spanning 228 countries, with the highest traffic originating from the United States (31%), India (11%), and Brazil (7%). Many apps carried AI-themed branding, reflecting the campaign’s name. Fraud modules were even hidden in PNG images and reassembled on devices, while cashout methods included hidden HTML5 games and news sites that generated ads users never saw—yet advertisers were billed for every impression and click.
This incident highlights ongoing risks for mobile users and advertisers alike. It is not the first time malicious apps on Google Play have caused widespread disruption; in October 2024, over 200 apps downloaded nearly eight million times were flagged as harmful, with Nigeria among the top ten countries targeted. Users are urged to check their devices, remove suspicious apps, and rely on Play Protect to stay safe from similar schemes.
Source: Nairametrics
