- Slopads was a massive advertising fraud that involved more than 224 applications with Ai-AI themes that generated visits and fake clicks
- Applications were downloaded more than 38 million times worldwide, reaching its maximum point at 2.3 billion applications for advertising offer per day
- Google eliminated applications and alerted affected users
Security researchers of the intelligence and research team of Human’s satori threats, together with Google, discovered and dismantled a gigantic announcement fraud operation and click, counting hundreds of applications, millions of downloads and billions of daily applications of advertising offers.
The operation revolved around the victims to generate false views and clicks of ads, essentially defrauding advertisers and advertising networks of their money.
Threat actors created at least 224 applications with AI-AI issues (although researchers said the number of applications grew day by day), all of which were housed in Google Play Store.
Eliminate applications
If a victim was downloaded through an ad (instead of directly from the repository), the application would download a malicious payload called Fatmodule, which created invisible Webviews (built -in browsers).
These browsers, hidden in view of the victims, load websites owned by the attackers, which are often fake news sites or HTML5 games. Once loaded, the web views would simulate the clicks and impressions of AD, basically turning the smartphone committed into a ghost click farm.
The researchers called the Slopads operation.
Collectively, applications were downloaded more than 38 million times, from 228 different countries and territories (the entire world, practically). At its peak, the Slopads represented 2,300 million requests for offers per day, human explained, stating that the traffic of applications associated with Slopads came from around the world.
Even so, most of the traffic originated in the United States (30%), India (10%) or Brazil (7%).
Human notified Google about his findings, and the search engine giant eliminated all the identified applications of Google Play. In addition, the company said it notified all those who had installed any of the malicious applications, which suggests that the victims eliminate them from their devices immediately.
However, that does not mean that Slopads is done forever: “Slopads sophistication suggests that threat actors will probably adapt their scheme again to try to continue disappointing the digital advertising ecosystem,” Human warned.
