Security experts have discovered a massive mobile ad fraud scheme on the Google Play Store, involving 224 malicious apps with more than 38 million downloads worldwide.
The campaign, dubbed SlopAds, secretly generated fake ad views and clicks in the background, stealing millions in advertising dollars while deceiving both users and brands.
The scheme was uncovered by HUMAN’s Satori Threat Intelligence team, which reported the apps to Google. In response, Google removed all fraudulent apps and activated Google Play Protect, its automatic defense system that warns users and prompts them to uninstall harmful apps.
How the SlopAds Scam Worked
According to researchers, SlopAds used steganography and WebViews (simplified browsers embedded in apps) to execute hidden fraud operations.
Here’s how it worked:
- Apps secretly opened hidden browser windows in the background.
- These windows navigated to fraudster-controlled cashout sites.
- The scheme generated fake ad impressions and clicks without real user engagement.
At its peak, SlopAds was responsible for 2.3 billion bid requests per day, making it one of the most damaging fraud campaigns in recent years.
To avoid detection, only apps downloaded via SlopAds-controlled ads were activated for fraud, while others stayed dormant. This selective activation was a sophisticated abuse of marketing attribution technology.
“All users who have these identified apps installed on their device will receive a warning and will be prompted to uninstall them. Play Protect is on by default on Android devices with Google Play Services,” HUMAN researchers stated.
Global Reach of the SlopAds Operation
SlopAds’ fake ad traffic spread across 228 countries and territories. The largest shares of fraudulent traffic came from:
- United States – 31%
- India – 11%
- Brazil – 7%
Many apps and servers linked to the scheme carried AI-themed branding, inspiring the name SlopAds.
The apps also collected extensive device and browser data, enabling fraudsters to fine-tune their operations. Instructions were even hidden inside PNG images and later reassembled on users’ devices as executable code.
Fraudsters then funneled traffic to H5 games and fake news sites they controlled, which displayed ads in hidden WebViews, costing advertisers millions in wasted budgets.
Impact on Users and Advertisers
- For users: The apps appeared harmless but drained device resources in the background, slowing performance and consuming data.
- For advertisers: Millions of dollars were lost to fake ad impressions and clicks that never reached real audiences.
This sophisticated fraud highlights the growing challenge of mobile ad fraud in the digital advertising ecosystem.
Previous Google Play Fraud Campaigns
This is not the first time fraudsters have exploited the Google Play Store.
In October 2024, Zscaler ThreatLabz uncovered 200+ malicious apps with nearly 8 million downloads. That campaign also targeted global users, with Nigeria among the top 10 countries most affected, alongside India, the U.S., Canada, South Africa, the Netherlands, Mexico, Brazil, Singapore, and the Philippines.
Conclusion
The exposure of SlopAds underscores the growing sophistication of mobile ad fraud. While Google Play Protect and takedowns help reduce risks, both users and advertisers must stay vigilant.
- Users should regularly update devices and uninstall suspicious apps.
- Advertisers must strengthen fraud detection systems to avoid losses.
As mobile advertising expands, combating fraud remains critical for ensuring trust, transparency, and security in the digital ecosystem.