AppWizard
October 31, 2025
Integral Ad Science (IAS) has identified an ad-fraud operation called ‘Arcade’ that exploits over 50 Android gaming apps with around 10 million installations. This operation reroutes ad traffic to more than 200 HTML5 gaming sites, generating ad impressions without user engagement. Initially active in the US, Brazil, and Canada, Arcade has shifted focus to the Asia-Pacific region, with countries like Turkey, Vietnam, the Philippines, Thailand, Indonesia, and Malaysia accounting for nearly half of the detected traffic by September 2025. The apps switch to fraud mode upon detecting installation from a paid campaign, activating hidden browsing and ad-serving code via a remote command-and-control server. Arcade generates revenue through covert traffic to gaming domains and disruptive ads outside standard app usage. Despite having fewer apps than previous IAS findings, Arcade has a significantly larger traffic impact.