
"These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks," HUMAN's Satori Threat Intelligence and Research Team said in a report shared with The Hacker News. The name "SlopAds" is a nod to the likely mass-produced nature of the apps and the use of artificial intelligence (AI)-themed services like StableDiffusion, AIGuide, and ChatGLM hosted by the threat actor on the command-and-control (C2) server."
"A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories. The company said the campaign accounted for 2.3 billion bid requests a day at its peak, with traffic from SlopAds apps mainly originating from the U.S. (30%), India (10%), and Brazil (7%). Google has since removed all the offending apps from the Play Store, effectively disrupting the threat."
A cluster of 224 Android apps attracted 38 million downloads across 228 countries and territories. The apps used steganography to deliver an ad fraud payload and created hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks. The apps queried a mobile marketing attribution SDK to determine whether the installation followed an ad click. Fraudulent behavior activated only after such non-organic installs, at which point the app downloaded the FatModule ad-fraud module from a command-and-control server. The campaign generated up to 2.3 billion bid requests per day, with traffic concentrated in the U.S. (30%), India (10%), and Brazil (7%). Google removed the offending apps from the Play Store.
Read at The Hacker News