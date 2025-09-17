A sprawling Android ad fraud campaign that hijacked millions of devices worldwide has been dismantled after Google removed 224 malicious apps from the Play Store. The scheme, dubbed “SlopAds”, was capable of generating a staggering 2.3 billion ad requests every day, according to researchers at HUMAN’s Satori Threat Intelligence team.

The malicious apps, disguised as legitimate utilities and entertainment tools, had been downloaded more than 38 million times across 228 countries, with the highest user concentration in the United States (30%), India (10%), and Brazil (7%).

The Mechanics of SlopAds

At first glance, SlopAds ad fraud apps appeared to work normally, offering the functionality promised on their Play Store listings. But beneath that façade lay a web of complicated techniques designed to outsmart both Google’s review process and mobile security tools.

The apps used Firebase Remote Config to pull encrypted instructions, including URLs for malware modules and cashout servers. They then performed checks to confirm whether the installation came from a genuine user rather than a researcher.

If validated, the apps would secretly download four PNG images containing fragments of malicious code hidden through steganography. Once pieced together, these images reassembled into a malware component dubbed “FatModule”, which powered the ad fraud engine.

FatModule used hidden WebViews to harvest device data and load fraudulent ad pages impersonating news and gaming sites. Ads were served continuously in the background, unseen by victims but profitable for attackers. At its peak, SlopAds was generating billions of fake ad impressions and clicks daily.

“AI Slop” Origins

Researchers explained the name SlopAds as a nod to the low-effort, mass-produced nature of the apps similar to “AI slop” and because the attackers’ servers hosted several AI-themed services. HUMAN’s analysis also revealed over 300 promotional domains tied to the campaign, suggesting the operation was primed for further expansion.

SlopAds Ad Fraud: Google’s Action Google says it has removed all the bad apps and updated Google Play Protect to warn users if any are still installed. Experts warn that this scheme shows how far fraudsters will go to trick app stores and security systems. By using advanced tricks like hidden code in images, they made their apps harder to detect. Ad fraud already costs advertisers billions every year. SlopAds highlights the growing scale of the problem and the need for users to be careful even on official app stores. Security experts recommend: Download only apps you really need.

Check reviews before installing.

Keep Google Play Protect enabled.