ad fraud

AppWizard
February 17, 2026
A sophisticated Android malware named Keenadu has been discovered embedded in the firmware of various device brands, compromising all installed applications and granting unrestricted control over infected devices. It employs multiple distribution methods, including compromised firmware images delivered over-the-air, access via backdoors, embedding in system applications, modified applications from unofficial channels, and infiltration through apps on Google Play. As of February 2026, Keenadu has been confirmed on approximately 13,000 devices, primarily in Russia, Japan, Germany, Brazil, and the Netherlands. The firmware-integrated variant remains dormant if the device's language or timezone is associated with China and ceases to function without the Google Play Store and Play Services. While currently focused on ad fraud, Keenadu has extensive capabilities for data theft and risky actions on compromised devices. A variant embedded in system applications has limited functionality but elevated privileges to install apps without user notification. The malware has been detected in the firmware of Android tablets from various manufacturers, including the Alldocube iPlay 50 mini Pro. Kaspersky has detailed how Keenadu compromises the libandroid_runtime.so component, making it difficult to remove with standard Android OS tools. Users are advised to seek clean firmware versions or consider replacing compromised devices with products from trusted vendors.
BetaBeacon
January 28, 2026
A malware strain known as Android.Phantom is being distributed through popular titles and unofficial app sources, operating silently alongside games to conduct click fraud. The malware can mimic user behavior, interact with ads through automated clicks, and establish peer-to-peer connections to allow remote controllers to interact with the user's screen in real time. It is recommended to avoid installing apps from third-party stores to reduce the risk of encountering malicious software.
AppWizard
November 26, 2025
Hundreds of Android applications have been compromised by SlopAds ad fraud malware, leading to their removal from the Google Play Store. A total of 224 apps were identified, collectively downloaded over 38 million times. The malware employs techniques like steganography to hide its activities and redirect users to malicious sites. Google has removed all identified malicious apps and will alert users to uninstall them. Android users are advised to activate Google Play Protect for enhanced security. The ad fraud undermines the integrity of legitimate advertisers and developers.
AppWizard
November 3, 2025
A new wave of cyber attacks targeting Android users has been identified, involving 224 compromised applications that have collectively amassed over 38 million downloads from the Google Play Store. This threat, named SlopAds by the Satori Threat Intelligence and Research Team, involves sophisticated advertising fraud techniques, including steganography, to generate illicit revenue through harmful ads embedded in apps. Google has removed all compromised applications from the Play Store and will notify users to uninstall them. Users are advised to enable Google’s Play Protect feature to safeguard against malicious applications. Ad fraud not only affects individual users but also undermines trust in the advertising ecosystem.
AppWizard
November 3, 2025
HUMAN's Satori Threat Intelligence and Research Team has identified and dismantled an ad fraud scheme called SlopAds, linked to 224 applications that have over 38 million downloads from Google Play across 228 countries. The perpetrators used techniques like steganography to embed fraudulent payloads in apps, creating hidden WebViews that redirected users to cashout sites for generating illegitimate ad impressions and clicks. Google has removed all identified malicious applications and will notify affected users to uninstall them. Users are encouraged to enable Google's Play Protect feature to prevent future threats. Ad fraud poses risks to advertisers and developers by tricking ad networks into accepting fraudulent ads. Invalid traffic can arise from developers using prohibited ad practices, undermining trust in the mobile advertising ecosystem. Users are advised to uninstall flagged applications to protect their devices.
AppWizard
November 3, 2025
A cyber attack known as SlopAds has compromised 224 Android applications, which have been downloaded over 38 million times from the Google Play Store. The attack involves malicious advertisements that deceive users into providing personal and financial information. The Satori Threat Intelligence and Research Team reported that the threat actors use techniques like steganography and hidden WebViews to direct users to fraudulent cashout sites. Google has removed all identified problematic apps from the Play Store and will alert users who downloaded them to uninstall them. Android users are advised to activate the Google Play Protect feature to prevent future threats. Ad fraud not only affects individual users but also undermines the integrity of reputable advertisers and developers.
AppWizard
October 31, 2025
Integral Ad Science (IAS) has identified an ad-fraud operation called ‘Arcade’ that exploits over 50 Android gaming apps with around 10 million installations. This operation reroutes ad traffic to more than 200 HTML5 gaming sites, generating ad impressions without user engagement. Initially active in the US, Brazil, and Canada, Arcade has shifted focus to the Asia-Pacific region, with countries like Turkey, Vietnam, the Philippines, Thailand, Indonesia, and Malaysia accounting for nearly half of the detected traffic by September 2025. The apps switch to fraud mode upon detecting installation from a paid campaign, activating hidden browsing and ad-serving code via a remote command-and-control server. Arcade generates revenue through covert traffic to gaming domains and disruptive ads outside standard app usage. Despite having fewer apps than previous IAS findings, Arcade has a significantly larger traffic impact.