An Android malware campaign by the name of “SlopAds” has infected millions of Google Play applications, generating billions of ad requests per day. While Google has taken steps to mitigate the campaign, experts say the hackers will adapt and evolve their malware to exploit victims further.
The malicious applications associated with the SlopAds campaign were downloaded 38 million times across 228 countries, with the majority of fraudulent traffic originating from the United States (30%), India (10%), and Brazil (7%), as Red Team News reports.
HUMAN’s Satori Threat Intelligence and Research Team said in a report shared with The Hacker News: “These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks.”
To understand this risk further, Digital Journal heard from Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka.
Apps downloaded more than 38 million times from Google’s Play Store.
SlopAds generated 2.3 billion fraudulent bid requests per day across 228 countries and territories.
Sood begins by outlining the primary risks associated with this cybersecurity threat: “Compromised applications hosted on the App Store exploit user trust in the platform’s security. Once attackers gain control, whether by injecting malicious code, hijacking developer accounts, or abusing third-party ad SDKs, these apps can deliver harmful payloads in the form of malicious advertisements. Such ads may redirect users to phishing sites, install additional malware, or harvest sensitive information, all while bypassing traditional review mechanisms since ads are served dynamically after installation.”
The concerns continue, as Sood identifies: “Beyond exposing users to data theft and fraud, this also damages the reputation of the App Store and the affected developers, erodes consumer trust in mobile ecosystems, and creates opportunities for large-scale exploitation.”
Despite the measures taken to date, the risk is not yet suppressed. Here Sood cautions: “While Google has been working to remove all of the malicious applications from its Play Store, experts are warning that the actors are likely to adapt their scheme and launch additional campaigns in the future. It’s imperative that individuals and organisations take action in order to prevent malware from infecting their devices.”
To protect businesses, a more robust and proactive approach is required. Sood recommends: “One key step is to ensure that applications are only being downloaded directly from Google’s Play Store, as the malware does not activate unless the ad is clicked. Additionally, organisations should implement anti-malware which proactively neutralises malicious software before it can activate, cause harm, or lead to further breaches. With the right tools in place, companies can ensure their operations are resilient in the face of rising threats.”
