Google nukes 224 Android malware apps behind massive ad fraud campaign
Briefly

"A massive Android ad fraud operation dubbed "SlopAds" was disrupted after 224 malicious applications on Google Play were used to generate 2.3 billion ad requests per day. The ad fraud campaign was discovered by HUMAN's Satori Threat Intelligence team, which reported that the apps were downloaded over 38 million times and employed obfuscation and steganography to conceal the malicious behavior from Google and security tools."
"However, if it was determined that the app was installed by the user arriving via one of the threat actor's ad campaigns, the software used Firebase Remote Config to download an encrypted configuration file that contained URLs for the ad fraud malware module, cashout servers, and a JavaScript payload."
A large-scale Android ad fraud operation named SlopAds leveraged 224 malicious Google Play apps to generate roughly 2.3 billion bid requests per day. The apps accumulated over 38 million downloads across 228 countries, with the highest ad impressions from the United States (30%), India (10%), and Brazil (7%). The campaign used obfuscation and steganography to hide malicious behavior from Google and security tools. Apps behaved normally when installed organically but used Firebase Remote Config to fetch encrypted configurations for fraud modules when installs resulted from the actors' ad campaigns. The software verified device legitimacy before proceeding to fetch additional components.
Read at BleepingComputer