Google has taken action to stop a major malware operation from impacting millions worldwide. The Satori Threat Intelligence and Research Team from cybersecurity company HUMAN uncovered 224 fraudulent apps with 38 million downloads across 228 countries and territories.
Dubbed ad and click, this type of fraudulent activity leverages online advertising systems to make it look like real people are viewing or clicking on ads, when in reality, there weren't any genuine interactions. This major fraud scheme was titled "SlopAds", which is likely in reference to the massive amount of apps developed in a short amount of time. It's also been suggested that AI was used to help complete this.
However, the team of scammers behind the SlopAds campaign have not been named.
Many of the apps acted seemingly normal when downloaded directly from the Google Play Store.
| GETTY IMAGESSo how did they pull this scheme off?
The bad actors behind the scam went to great lengths to conceal themselves, so cybersecurity took longer to uncover what was really happening. In a report, the team at HUMAN said, "These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks."
This means apps were developed and published only to commit fraud under certain circumstances, meaning they were able to hide in plain sight every other time.
Many of the apps acted seemingly normal when downloaded directly from the Play Store.
However, some apps were downloaded from ads that were disguised as fake pages. After you installed the apps, they secretly followed hidden instructions, pulled extra code disguised inside pictures, and opened web pages in the background on your devices.
These pages faked clicks on ads, too, tricking advertisers into paying for traffic that never really happened.
Google's services are available in 219 countries and territories worldwide and are used by billions, making it a desirable target for bad actors to try and steal valuable information
| GETTY IMAGESLATEST DEVELOPMENTS
- iPhone Air squeezes 'MacBook-like power' into the thinnest smartphone
- iPadOS 26 release date: Apple reveals when you'll unlock new features
- Hundreds of dodgy streaming sites BLOCKED in UK
- Gmail will bring new feature to your inbox
The scam occurred globally, but the US took the biggest hit with most fraudulent website traffic, totalling 30%. India followed behind with 10% and Brazil took the third position with 7% of all fraud traffic. HUMAN confirmed that the campaign accounted for 2.3 billion bid requests a day at its peak volume.
SlopAds also included hundreds of promotional domains and command-and-control servers, meaning they were potentially planning to grow this scam to be much larger. Yikes.
Google hasn't had the luckiest summer when it comes to fraud attempts. A couple of weeks ago, Google confirmed one of the biggest data breaches for Gmail users. The tech giant also issued a "critical" update to fix an Android flaw that lets hackers take control of your phone.
Google's services are available in 219 countries and territories worldwide, demonstrating its extensive global reach. Given its massive global presence and billions of people using its products daily, it makes it a desirable company for hackers to target and steal valuable information and data.
Our Standards: The GB News Editorial Charter
More From GB News