advertising ecosystem Archives

AppWizard

November 26, 2025

Android users told to delete apps immediately after cyber attack infestation

Hundreds of Android applications have been compromised by SlopAds ad fraud malware, leading to their removal from the Google Play Store. A total of 224 apps were identified, collectively downloaded over 38 million times. The malware employs techniques like steganography to hide its activities and redirect users to malicious sites. Google has removed all identified malicious apps and will alert users to uninstall them. Android users are advised to activate Google Play Protect for enhanced security. The ad fraud undermines the integrity of legitimate advertisers and developers.

AppWizard

November 3, 2025

Android users urged to delete hundreds of apps immediately in cyber attack warning

A new wave of cyber attacks targeting Android users has been identified, involving 224 compromised applications that have collectively amassed over 38 million downloads from the Google Play Store. This threat, named SlopAds by the Satori Threat Intelligence and Research Team, involves sophisticated advertising fraud techniques, including steganography, to generate illicit revenue through harmful ads embedded in apps. Google has removed all compromised applications from the Play Store and will notify users to uninstall them. Users are advised to enable Google’s Play Protect feature to safeguard against malicious applications. Ad fraud not only affects individual users but also undermines trust in the advertising ecosystem.

AppWizard

November 3, 2025

Hack alert as Android users warned to uninstall these risky apps

HUMAN's Satori Threat Intelligence and Research Team has identified and dismantled an ad fraud scheme called SlopAds, linked to 224 applications that have over 38 million downloads from Google Play across 228 countries. The perpetrators used techniques like steganography to embed fraudulent payloads in apps, creating hidden WebViews that redirected users to cashout sites for generating illegitimate ad impressions and clicks. Google has removed all identified malicious applications and will notify affected users to uninstall them. Users are encouraged to enable Google's Play Protect feature to prevent future threats. Ad fraud poses risks to advertisers and developers by tricking ad networks into accepting fraudulent ads. Invalid traffic can arise from developers using prohibited ad practices, undermining trust in the mobile advertising ecosystem. Users are advised to uninstall flagged applications to protect their devices.

AppWizard

November 3, 2025

Android warning as hundreds of apps should be deleted after cyber attack

A cyber attack known as SlopAds has compromised 224 Android applications, which have been downloaded over 38 million times from the Google Play Store. The attack involves malicious advertisements that deceive users into providing personal and financial information. The Satori Threat Intelligence and Research Team reported that the threat actors use techniques like steganography and hidden WebViews to direct users to fraudulent cashout sites. Google has removed all identified problematic apps from the Play Store and will alert users who downloaded them to uninstall them. Android users are advised to activate the Google Play Protect feature to prevent future threats. Ad fraud not only affects individual users but also undermines the integrity of reputable advertisers and developers.

Tech Optimizer

September 26, 2025

Malware Campaign Spreads Trojans via Hijacked Ads on Facebook, Google, YouTube

A recent malware campaign has transitioned from Meta’s advertising ecosystem to Google Ads and YouTube, initially targeting Facebook users through compromised business accounts. The threat originated from a Norwegian design agency’s hijacked Facebook Business account, promoting fraudulent ads for a fictitious “TradingView Premium” app that directed users to download malware. The malware is disseminated on YouTube through hijacked verified channels, leading victims to a downloader that installs Trojan.Agent.GOSL, capable of data theft and remote device control. Over 250 malicious apps targeting Android devices have been identified, equipped for credential theft and unauthorized access. Attackers compromise verified accounts to bypass scrutiny, altering page names to mimic official entities. The campaign exploits vulnerabilities in both Meta's and Google’s ad networks, utilizing OAuth URLs and ad placements to evade detection. Security experts recommend multi-layered defenses, enabling two-factor authentication, and verifying app sources to mitigate risks.

AppWizard

September 23, 2025

Hundreds of Android apps infested with cyber attack with users told to delete immediately

Android users are facing a security threat from a campaign aimed at extracting personal and financial information through a form of ad fraud called SlopAds, which has affected 224 Android applications with over 38 million downloads from the Google Play Store. Attackers embed corrupted advertisements in these apps, degrading device performance and generating revenue through fraudulent ad impressions and clicks. The malicious apps use steganography to conceal their activities, creating hidden WebViews that redirect users to hacker-controlled sites. Google has removed the identified malicious applications from the Play Store and will alert users to uninstall them. Security experts recommend enabling Google’s Play Protect feature to safeguard against harmful applications. Ad fraud undermines the integrity of the advertising ecosystem, harming reputable advertisers and developers. Users are advised to act promptly on notifications regarding infected applications to maintain device security.

AppWizard

September 17, 2025

38 Million Downloads Across 224 Malicious Android Apps on Google Play Deliver Harmful Payloads

Researchers from HUMAN’s Satori Threat Intelligence and Research Team discovered a digital advertising fraud operation called “SlopAds,” which involves 224 Android applications that have over 38 million downloads across 228 countries. SlopAds employs a multi-layered obfuscation strategy to deploy fraud modules that siphon ad revenue. The applications connect to Firebase Remote Config to retrieve an encrypted configuration that conceals URLs for PNG images containing fragments of an APK, which are reassembled to create the core fraud component known as FatModule. SlopAds generates approximately 2.3 billion bid requests daily, primarily targeting users in the United States (30%), India (10%), and Brazil (7%). Google Play Protect alerts users and blocks known SlopAds applications, and Google has removed these applications from the Play Store. Users who installed these apps from off-market sources remain vulnerable until they uninstall them.

AppWizard

September 17, 2025

Google dismantles huge Android ad fraud network distributing malware through 224 apps

Security researchers from HUMAN’s Satori Threat Intelligence and Research Team, in collaboration with Google, dismantled an ad fraud scheme called SlopAds, which involved over 224 AI-themed applications designed to generate fraudulent ad views and clicks. The scheme had over 38 million downloads across 228 countries and was responsible for 2.3 billion ad bid requests daily, with most traffic originating from the United States (30%), India (10%), and Brazil (7%). The apps used hidden browsers to load attacker-controlled websites, simulating ad clicks and impressions. Google removed the identified apps from the Play Store and advised users to uninstall them. Experts warn that the perpetrators may adapt their tactics to continue exploiting the digital advertising ecosystem.

AppWizard

September 16, 2025

SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids

A significant ad fraud and click fraud scheme known as SlopAds has been uncovered, involving a network of 224 applications that have collectively garnered 38 million downloads across 228 countries. The Satori Threat Intelligence and Research Team at HUMAN reported that these apps utilize steganography to embed hidden WebViews that redirect users to cashout sites controlled by the fraudsters, generating fraudulent ad impressions and clicks. At its peak, the SlopAds campaign was responsible for 2.3 billion bid requests daily, primarily from the United States (30%), India (10%), and Brazil (7%). Google has removed all implicated apps from the Play Store. The SlopAds scheme features conditional execution, where the ad fraud module, FatModule, is downloaded only if the app was installed following an ad click. The FatModule is concealed within four PNG image files and gathers device and browser information while executing ad fraud through hidden WebViews. Cashout mechanisms include HTML5 game and news websites owned by the threat actors, which monetize ad impressions and clicks. Approximately 300 domains promoting SlopAds apps have been identified, linking back to a secondary domain, ad2[.]cc, serving as a Tier-2 command-and-control server.

Winsage

September 3, 2025

Microsoft Warns Stop Using Google Chrome—Windows Users Change Browser

Between 50 and 100 million Windows users have switched browsers recently, favoring Google Chrome over Microsoft Edge. Chrome's desktop market share has increased from around 65% to over 70%, while Microsoft Edge has lost approximately 10% of its market share, now below 12%. Microsoft has attempted to discourage Chrome usage through aggressive campaigns, but these efforts have not succeeded in increasing Edge's popularity. Additionally, a favorable U.S. federal antitrust ruling has allowed Google to maintain Chrome as part of its search and advertising ecosystem.