A worrying new Android attack has been spotted that could leave your phone full of annoying ad fraud.
Android users are facing yet another threat that could turn their devices into instant cash machines for cyber crooks. The new attack has been using popular apps to install software that can then commit ad fraud. This basically runs in the background of the device and generates fake clicks. Although the phone owner doesn’t lose money themselves, this threat can slow down devices and is not something any of us wants on our smartphones.
The attack – which has been dubbed SlopAds – has been made worse by many of the infected apps appearing on the Google Play Store.
It was first spotted by the Satori Threat Intelligence and Research Team, with it thought a whopping 224 Android apps were affected. These have since been downloaded over 38 million times across the world.
Explaining more, HUMAN’s Satori Threat Intelligence and Research Team, said: “We have uncovered and disrupted a sophisticated ad fraud and click fraud operation dubbed SlopAds.
“The threat actors behind SlopAds operate a collection of 224 apps and growing, collectively downloaded from Google Play more than 38 million times across 228 countries and territories.
“These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks.”
Since being made aware of the bug, Google has removed all of the offending applications from its platform. That means no new users can be infected, but anyone who has already downloaded one of the applications could still be generating cash for crooks.
That’s why it’s vital to watch out for warning messages.
Satori Threat Intelligence and Research Team says that all users who have these identified apps installed on their devices will receive an alert and will be prompted to uninstall them.
This is part of Google’s Play Protect service, which is on by default. If you see a warning, do not delay and delete the app as soon as possible.
What is ad fraud?
Advert fraud is a strange attack as it doesn’t actually harm the users. Instead, it simply makes the hackers cash by running fake clicks in the background. What it can do, however, is slow down devices as they become overloaded with things going on in the background.
As Google explains, “Ad interactions generated for the purpose of tricking an ad network into believing traffic is from authentic user interest is ad fraud, which is a form of invalid traffic.
“Ad fraud may be the byproduct of developers implementing ads in disallowed ways, such as showing hidden ads, automatically clicking ads, altering or modifying information and otherwise leveraging non-human actions (spiders, bots, etc.) or human activity designed to produce invalid ad traffic.
“Invalid traffic and ad fraud is harmful to advertisers, developers, and users, and leads to long-term loss of trust in the mobile Ads ecosystem.”
