ad fraud Archives

AppWizard

May 27, 2026

‘No Future Updates’—Google Will Confirm Play Store App Deletion

Google is enhancing the security of its Play Store by removing high-risk and low-quality applications and will soon notify users when an app has been deleted from the Play Store. This notification will inform users that the app will no longer receive updates, which is crucial for security as unpatched apps can be exploited. Currently, users only receive alerts about significant security threats, but the new feature aims to improve user awareness regarding app removals. The change comes amid rising cyber threats, with a recent report indicating that vulnerability exploitation is a major risk. Previously, users were not notified about app removals, leaving them unaware unless they found out through other means.

AppWizard

May 27, 2026

Google May Add Play Store Alerts For Removed Android Apps

Google has implemented a new feature in its Play Store that notifies users when an app has been removed from the marketplace. This update informs users that the app will no longer receive updates, including security fixes, which could leave them vulnerable. The notification will detail each deleted app and its removal from Google Play. There is uncertainty about whether the update will allow users to delete these apps directly. This initiative responds to a shift in the threat landscape, where exploiting vulnerabilities has become the primary method of breaching devices, surpassing stolen credentials. Recent reports highlighted the necessity for user notifications, citing a new ad fraud campaign involving 453 apps that were installed 24 million times before removal. Previously, users had no formal notification system for app removals.

AppWizard

May 22, 2026

InPVP acquires Feather Client, rebrands as Dawn

InPVP has acquired Feather Client, a third-party Minecraft launcher, focusing on its in-game technology rather than the launcher itself. The acquisition was announced by InPVP owner Mohamed “PizzaMC” Weheba at the UGCon conference in Las Vegas. Feather Client’s parent company, Silentstack, will launch a new launcher called Dawn. Weheba clarified that the acquisition involves a sale of assets without taking on previous liabilities. The acquisition follows allegations of ad fraud against Feather Client. Weheba plans to reduce reliance on ad monetization and focus on direct-to-consumer revenue streams, including the sale of cosmetics and in-game items. He aims to enhance user experience with features like a profanity filter for voice chat and plans to collaborate with the competitive Minecraft organization MCPVP for tournaments. Aditude, Feather's former ad tech provider, has resumed its partnership with Dawn, expressing confidence in Weheba's leadership and the new direction of the project.

AppWizard

May 20, 2026

Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps

Cybersecurity researchers have identified an ad fraud and malvertising operation called Trapdoor, targeting Android users with 455 malicious applications and 183 command-and-control domains. Users often download these disguised apps, which initiate malvertising campaigns and lead to further downloads of malicious applications. At its peak, Trapdoor generated 659 million bid requests daily, with over 24 million downloads of the associated apps, primarily from the United States. The operation exploits install attribution tools to activate malicious activities only for users acquired through fraudulent ad campaigns, while suppressing such behavior for organic downloads. Trapdoor employs advanced evasion techniques, including obfuscation and impersonation of legitimate software, to avoid detection. Google has removed the identified malicious apps from the Play Store in response to the threat.

AppWizard

February 20, 2026

Google banned 80,000 developer accounts, blocked 27 million dangerous apps from outside Google Play and more: How Google kept Android users safe in 2025 – The Times of India

Google's annual review highlighted its security measures for Android and Google Play, reporting that in 2025, it prevented over 1.75 million policy-violating apps from being published and banned more than 80,000 developer accounts. Google Play conducted over 10,000 safety checks on every app, blocked 160 million spam ratings, and Google Play Protect scanned over 350 billion Android apps daily. New fraud protection features were introduced, blocking 266 million risky installations and protecting users from 872,000 high-risk applications. Developer tools were enhanced with Play Policy Insights and expanded pre-review checks, while the Play Integrity API conducted over 20 billion checks daily. Google plans to invest further in AI-driven defenses and implement developer verifications in 2026.

AppWizard

February 20, 2026

Keeping Google Play & Android app ecosystems safe in 2025

The Android ecosystem focuses on preventing real-world harm, including malware and privacy invasions, by enhancing investments in AI and real-time defenses. In 2025, over 1.75 million policy-violating apps were prevented from being published, and more than 80,000 malicious developer accounts were banned. Google Play conducts over 10,000 safety checks on each app, blocking over 255,000 apps from accessing sensitive user data and 160 million spam ratings and reviews. Google Play Protect scans over 350 billion apps daily, identifying over 27 million new malicious apps last year. Enhanced fraud protection was expanded to 185 markets, blocking 266 million risky installation attempts. Developer tools like Play Policy Insights and the Play Integrity API were introduced to streamline app development and enhance security. Developer verification is being extended to ensure accountability, and Android 16 includes features to protect sensitive information with minimal code.

AppWizard

February 17, 2026

New Keenadu backdoor found in Android firmware, Google Play apps

A sophisticated Android malware named Keenadu has been discovered embedded in the firmware of various device brands, compromising all installed applications and granting unrestricted control over infected devices. It employs multiple distribution methods, including compromised firmware images delivered over-the-air, access via backdoors, embedding in system applications, modified applications from unofficial channels, and infiltration through apps on Google Play. As of February 2026, Keenadu has been confirmed on approximately 13,000 devices, primarily in Russia, Japan, Germany, Brazil, and the Netherlands. The firmware-integrated variant remains dormant if the device's language or timezone is associated with China and ceases to function without the Google Play Store and Play Services. While currently focused on ad fraud, Keenadu has extensive capabilities for data theft and risky actions on compromised devices. A variant embedded in system applications has limited functionality but elevated privileges to install apps without user notification. The malware has been detected in the firmware of Android tablets from various manufacturers, including the Alldocube iPlay 50 mini Pro. Kaspersky has detailed how Keenadu compromises the libandroid_runtime.so component, making it difficult to remove with standard Android OS tools. Users are advised to seek clean firmware versions or consider replacing compromised devices with products from trusted vendors.

BetaBeacon

January 28, 2026

Phantom Malware in Android Game Mods Hijacks Phones for Ad Fraud

A malware strain known as Android.Phantom is being distributed through popular titles and unofficial app sources, operating silently alongside games to conduct click fraud. The malware can mimic user behavior, interact with ads through automated clicks, and establish peer-to-peer connections to allow remote controllers to interact with the user's screen in real time. It is recommended to avoid installing apps from third-party stores to reduce the risk of encountering malicious software.

BetaBeacon

January 26, 2026

New AI-powered Android malware hijacks ads and screens in mobile games

Researchers warn that machine learning is being used to automate ad fraud and remote access on infected phones.

AppWizard

November 26, 2025

Android users told to delete apps immediately after cyber attack infestation

Hundreds of Android applications have been compromised by SlopAds ad fraud malware, leading to their removal from the Google Play Store. A total of 224 apps were identified, collectively downloaded over 38 million times. The malware employs techniques like steganography to hide its activities and redirect users to malicious sites. Google has removed all identified malicious apps and will alert users to uninstall them. Android users are advised to activate Google Play Protect for enhanced security. The ad fraud undermines the integrity of legitimate advertisers and developers.