Integral Ad Science (IAS) has recently unveiled a sophisticated ad-fraud operation known as ‘Arcade,’ which is exploiting Android gaming applications to clandestinely reroute ad traffic to a network of HTML5 gaming domains. This scheme has notably shifted its focus towards the Asia Pacific region, which is rapidly becoming one of its primary hotspots.
Details of the Operation
Arcade encompasses over 50 Android gaming apps, amassing approximately 10 million installations. These applications operate in the background, opening browser tabs that continuously load more than 200 HTML5 gaming sites, thereby generating ad impressions without any user engagement. While the sites in question are legitimate and feature playable games, the traffic they receive is entirely fabricated.
Scott Pierce, head of fraud and ad quality at IAS, shared insights with Campaign Asia-Pacific, emphasizing the intricate architecture and coordination involved in this operation. He stated, “At this stage, we have no confirmed attribution, but the scale, coordination, and shared infrastructure indicate that Arcade is operated by an organized fraud network rather than independent developers. The evidence points to a well-resourced group leveraging a modular framework for large-scale ad traffic manipulation.”
Operational Mechanics
One of the most elusive aspects of Arcade is its conditional activation. The apps function normally when downloaded directly from app stores but switch to fraud mode upon detecting that the installation originated from a paid campaign or referral. By utilizing attribution SDK signals, including data from Appsflyer, the app verifies the install source before reaching out to a remote command-and-control server. This server then delivers an encrypted payload that activates the hidden browsing and ad-serving code. Notably, this payload is selectively deployed to targeted devices, with many apps incorporating anti-analysis measures to evade detection in virtual or sandbox environments, thus circumventing app-store reviews and security protocols.
Initially, the operation was primarily active in the US, Brazil, and Canada, but it has since transitioned to the Asia-Pacific region. By September 2025, countries such as Turkey, Vietnam, the Philippines, Thailand, Indonesia, and Malaysia accounted for nearly half of all detected traffic, indicating a strategic redirection towards high-growth markets.
Impact and Insights
Although Arcade features a smaller number of apps compared to IAS’s previous findings, such as the Vapor and Mirage schemes, it has generated a significantly larger traffic impact. Pierce noted, “Compared to earlier IAS discoveries like Vapor and Mirage fraud schemes, Arcade involves fewer apps but far greater traffic impact. By using hidden in-app browsers to endlessly reload HTML5 gaming pages, it has generated a much higher volume of bid requests, making its overall ad footprint disproportionately larger despite a smaller app count.”
Arcade profits from two primary avenues: the covert traffic directed to gaming domains that yields hidden ad revenue and the disruptive out-of-context ads that surface outside of standard app usage. IAS identified this operation through behavioral anomaly analysis and domain traversal pattern recognition, and it continues to map the developer accounts and domains associated with the setup.
Pierce elaborated, “Arcade is anything but subtle. The volume of traffic attributed to this operation points to a well-resourced and coordinated effort, capable of producing and maintaining a myriad of Android apps and gaming domains at an industrial scale.” IAS has intervened before Arcade could reach its full potential, cautioning that the scheme was poised for further expansion if left unchecked.
