• Business

    A huge Android ad fraud network was distributing malware through 224 apps – until Google fought back

    AnyFans Posted on

    By Sead Fadilpašić

    Copyright techradar

    A huge Android ad fraud network was distributing malware through 224 apps - until Google fought back

    Skip to main content

    Tech Radar Pro

    Tech Radar Gaming

    Close main menu

    the business technology experts

    België (Nederlands)

    Deutschland

    North America

    US (English)

    Australasia

    New Zealand

    View Profile

    Search TechRadar

    Expert Insights

    Website builders

    Web hosting

    Best web hosting
    Best office chairs
    Best website builder
    Best antivirus
    Expert Insights

    Don’t miss these

    Hundreds of Android apps band together in massive scam campaign targeting millions – here’s what we know

    Trying to strike it big? Beware, that TradingView app could be malware

    Over 11,000 Android devices hit by fake login RAT hidden in Meta Ads and fake Google Play store

    Over 250 malicious apps found targeting Android users in worrying attack – here’s how to stay safe

    Major new malware strain targets crypto users via malicious ads – here’s what we know, and how to stay safe

    Google sues alleged hackers behind BadBox 2.0 botnet which has infected millions of devices

    VPN Privacy & Security
    This fake VPN could have been spying on you all this time

    WordPress hackers are teaming up with commercial adtech firms to distribute malware to millions of users – here’s how to stay safe

    Dangerous Android malware targets US banking apps – 50,000 people already affected, make sure you’re not next

    Hackers are distributing a fake PDF Editor loaded with TamperedChef credential stealing malware

    Fake TikTok shops found spreading malware to unsuspecting victims – here’s how to stay safe

    Pakistani-based malware empire ‘punished’ software pirates with infostealers, earning millions of dollars in just five years – here’s how to stay safe

    Criminals are targeting hundreds of legitimate banking & crypto apps using an advanced virtualization technique — here’s how to stay safe

    Nearly a million browsers affected by more malicious browser extensions – here’s what we know

    This dangerous new Android malware looks to hide from detection with distorted APKs

    A huge Android ad fraud network was distributing malware through 224 apps – until Google fought back

    Sead Fadilpašić

    17 September 2025

    At its peak, the network was generating billions of ad bid requests a day

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

    (Image credit: Shutterstock / tomeqs)

    SlopAds was a massive ad fraud scheme involving over 224 AI-themed apps that generated fake ad views and clicks
    The apps were downloaded more than 38 million times globally, peaking at 2.3 billion ad bid requests per day
    Google removed the apps and alerted affected users

    Security researchers from HUMAN’s Satori Threat Intelligence and Research Team, together with Google, uncovered and dismantled a gigantic ad and click fraud operation, counting hundreds of apps, millions of downloads, and billions of daily ad bid requests.

    The operation revolved around having victims generate fake ad views and clicks, essentially defrauding advertisers and ad networks out of their money.
    The threat actors created at least 224 AI-themed apps (although the researchers said the number of apps grew by the day), all of which were hosted on the Google Play Store.

    You may like

    Hundreds of Android apps band together in massive scam campaign targeting millions – here’s what we know

    Trying to strike it big? Beware, that TradingView app could be malware

    Over 11,000 Android devices hit by fake login RAT hidden in Meta Ads and fake Google Play store

    Removing the apps
    If a victim downloaded it via an ad (as opposed to directly from the repository), the app would download a malicious payload called FatModule, which created invisible WebViews (built-in browsers).

    These browsers, hidden from the victims’ view, load websites owned by the attackers, which are often either fake news sites, or HTML5 games. Once loaded, the WebViews would simulate ad clicks and impressions, basically turning the compromised smartphone into a ghost click farm.
    The researchers dubbed the operation SlopAds.
    Collectively, the apps were downloaded more than 38 million times, from 228 different countries and territories (the entire world, practically). At its peak, SlopAds accounted for 2.3 billion bid requests a day, HUMAN further explained, stating that the traffic from apps associated with SlopAds came from all over the world.

    Are you a pro? Subscribe to our newsletter
    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
    Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
    Still, most of the traffic originated either in the United States (30%), India (10%), or Brazil (7%).
    HUMAN notified Google about their findings, and the search engine giant removed all of the identified apps from Google Play. Furthermore, the company said it notified everyone who had installed any of the malicious apps, suggesting victims remove them from their devices immediately.
    However, that doesn’t mean SlopAds is done for good: “The sophistication of SlopAds suggests the threat actors will likely adapt their scheme again to try to continue to defraud the digital advertising ecosystem,” HUMAN warned.
    You might also like

    Vicious malware found in Android apps with over 19 million installs – here’s how to stay safe
    Take a look at our guide to the best authenticator app
    We’ve rounded up the best password managers

    Sead Fadilpašić

    Social Links Navigation

    Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

    You must confirm your public display name before commenting

    Please logout and then login again, you will then be prompted to enter your display name.

    Hundreds of Android apps band together in massive scam campaign targeting millions – here’s what we know

    Trying to strike it big? Beware, that TradingView app could be malware

    Over 11,000 Android devices hit by fake login RAT hidden in Meta Ads and fake Google Play store

    Over 250 malicious apps found targeting Android users in worrying attack – here’s how to stay safe

    Major new malware strain targets crypto users via malicious ads – here’s what we know, and how to stay safe

    Google sues alleged hackers behind BadBox 2.0 botnet which has infected millions of devices

    Latest in Security

    A terrifying, self-replicating malwaere has infected npm packages with over 2 million downloads per week – here’s how to stay safe

    New Phoenix RowHammer attack cracks open DDR5 memory defenses in minutes

    Former FinWise employee may have stolen sensitive data on 689,000 American First Finance customers

    The countdown is on – Chinese firms now have just an hour to report cybersecurity incidents

    North Korean hackers generate fake South Korean military ID using ChatGPT

    Bags of info stolen from multiple top luxury brands – double check your data now

    Latest in News

    Rumored Assassin’s Creed Black Flag Remake will reportedly ditch a major feature of the original game – and some fans aren’t happy

    Skate Early Access missions not showing bug – how to fix ‘all missions completed’ error

    Brits are better than Americans at spotting phishing scams, NordVPN study shows

    The Garmin Instinct Crossover AMOLED looks like a Casio G-Shock with added smarts, and I can’t wait to wear it

    Devialet launches new upgraded Phantom Ultimate speaker with ‘Heart Bass Implosion’ tech, which sounds as exciting as it does terrifying

    Finally! Here’s exactly when One UI 8 will likely come to your older Galaxy phone or tablet

    LATEST ARTICLES

    The Summer I Turned Pretty season 3 ending explained – who does Belly choose, is there a season 4, and more

    Rumored Assassin’s Creed Black Flag Remake will reportedly ditch a major feature of the original game – and some fans aren’t happy

    Is the iPhone 17 Pro really the fastest phone? I’ve reviewed today’s top phones, and here’s what lab tests tell me about Apple’s claim

    Hurry! This Dell laptop deal now costs just $330, a saving of $70, and its CPU is faster than anything I’ve seen at this price point

    I love my Nintendo Switch 2, but I can’t get over this one issue – and it’s nothing to do with battery life

    TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

    Contact Future’s experts

    Terms and conditions

    Privacy policy

    Cookies policy

    Advertise with us

    Web notifications

    Accessibility Statement

    Future US, Inc. Full 7th Floor, 130 West 42nd Street,

    Please login or signup to comment

    Please wait…

    You Might Also Like