Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation - HUMAN Security (www.humansecurity.com)

submitted 4 days ago by [email protected] to c/[email protected]

1 comments fedilink hide all child comments

HUMAN Security's Satori team has uncovered "SlopAds," a sophisticated ad fraud operation involving 224 Android apps downloaded over 38 million times across 228 countries[^1]. The apps use steganography to hide malicious code within PNG files and create hidden WebViews to generate fraudulent ad impressions and clicks[^1].

Key findings:

Generated 2.3 billion daily bid requests at peak
Heaviest traffic from US (30%), India (10%), and Brazil (7%)
Only activated fraud for downloads traced to threat actor ad campaigns
Used attribution tools and multiple layers of obfuscation to avoid detection
Operated through extensive network of command-and-control servers

Google has removed the identified apps and enabled Google Play Protect warnings to block future installations[^1]. HUMAN's Ad Fraud Defense and Ad Click Defense customers are protected from SlopAds' impact[^1].

[^1]: HUMAN Security - Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation

App list Domain list

top 1 comments

sorted by: hot top new old

[-] [email protected] 1 points 4 days ago

Google Play never was a reliable source and Google Play Protect never protect against anything as shown here, that infected apps are only removed after reporting it, as ocurred also in the past. If you don't use an third party AV in Android, eg.BitDefender, valid even the free version, you don`t have any protection by Google against Malware.

this post was submitted on 17 Sep 2025

2 points (100.0% liked)

Security

6125 readers

1 users here now

Confidentiality Integrity Availability

founded 5 years ago

MODERATORS

[email protected]