
Over 200 harmful Android apps accessible on Google Play, accumulating approximately 38 million downloads, clandestinely distributing destructive software.

A mobile ad-fraud operation infiltrated Google Play through 224 apps, which together accumulated over 38 million downloads across 228 countries. The scheme relies on steganography and conditional activation techniques.

The 224 Android applications found on Google Play were disguised as harmless downloads and accumulated a total of 38 million installations while carrying malicious payloads.


In a significant revelation, the mobile ad fraud operation known as SlopAds has been uncovered by HUMAN's Satori Threat Intelligence team. The operation, which infiltrated the Google Play Store with 224 malicious applications, represents one of the most extensive mobile fraud schemes discovered to date.

The malware used in the campaign is called "FatModule," but the group behind SlopAds remains unnamed in the available sources. The threat actors employed advanced steganography techniques and multi-layered obfuscation to deliver fraudulent advertising payloads, effectively bypassing traditional security scanning methods that focus on executable file analysis.

The SlopAds campaign was activated only when users downloaded apps through specific advertising campaigns. The malicious applications, themed around AI, collectively amassed over 38 million downloads across 228 countries and territories. Traffic distribution for the SlopAds campaign was heavily concentrated in the United States (30%), India (10%), and Brazil (7%).

The fraud itself ran inside hidden WebViews that collected extensive device-fingerprinting data. That data drove precise targeting and steered the WebViews to cashout domains controlled by the threat actors. SlopAds also used digital steganography to hide malicious code inside PNG image files, masking its activity from security tools that do not inspect image assets.

At peak, SlopAds applications generated approximately 2.3 billion fraudulent bid requests per day. The malicious applications used Firebase Remote Config, a legitimate Google developer tool, to retrieve encrypted configuration data, and the decrypted PNG files together formed the complete FatModule responsible for executing the fraud.
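The two paragraphs above describe payload code hidden inside PNG files fetched at runtime. A defender triaging an APK's asset directory can cheaply flag images that are structurally odd before doing deeper analysis. The following Python script is an added example written for this article; it is not code from HUMAN's Satori team, from Google, or from the SlopAds samples, and the article does not say how FatModule was encoded into its PNGs. It assumes two common hiding styles, data appended after the IEND chunk and data stored in a private (non-standard) chunk, and checks for those plus CRC mismatches and oversized text chunks. The three sample images are constructed in the script; the "payload" bytes are placeholders.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunk types defined by the PNG spec plus common extensions (APNG, eXIf).
STANDARD_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA", b"iCCP",
    b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"hIST", b"pHYs",
    b"sPLT", b"tIME", b"eXIf", b"acTL", b"fcTL", b"fdAT",
}
MAX_TEXT_CHUNK = 4096  # heuristic threshold (assumption): larger text metadata is worth a look


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Encode one PNG chunk: length, type, body, CRC32 over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def parse_png(data: bytes):
    """Walk the chunk list; return [(type, length, crc_ok)] and any bytes after IEND."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos, chunks = len(PNG_SIGNATURE), []
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError(f"truncated chunk {ctype!r}")
        body = data[pos + 8:pos + 8 + length]
        stored_crc = struct.unpack(">I", data[pos + 8 + length:end])[0]
        crc_ok = (zlib.crc32(ctype + body) & 0xFFFFFFFF) == stored_crc
        chunks.append((ctype, length, crc_ok))
        pos = end
        if ctype == b"IEND":
            break  # anything after IEND is not part of the image
    return chunks, data[pos:]


def png_anomalies(data: bytes) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    chunks, trailing = parse_png(data)
    if trailing:
        findings.append(f"{len(trailing)} bytes appended after IEND")
    if not chunks or chunks[-1][0] != b"IEND":
        findings.append("no IEND chunk")
    for ctype, length, crc_ok in chunks:
        name = ctype.decode("latin-1")
        if ctype not in STANDARD_CHUNKS:
            findings.append(f"non-standard chunk {name} ({length} bytes)")
        if not crc_ok:
            findings.append(f"CRC mismatch on chunk {name}")
        if ctype in (b"tEXt", b"zTXt", b"iTXt") and length > MAX_TEXT_CHUNK:
            findings.append(f"oversized {name} chunk ({length} bytes)")
    return findings


# --- constructed sample images (not real SlopAds artifacts) ---------------

def build_clean_png() -> bytes:
    """A valid 1x1 RGB image."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte + one red pixel
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def build_png_with_trailing_payload() -> bytes:
    """Same image with an opaque blob glued on after IEND (placeholder bytes)."""
    return build_clean_png() + b"\x00" * 16 + b"PLACEHOLDER-ENCRYPTED-BLOB" * 4


def build_png_with_custom_chunk() -> bytes:
    """Same image with a private chunk type carrying data before IEND."""
    clean = build_clean_png()
    iend = _chunk(b"IEND", b"")
    return clean[:-len(iend)] + _chunk(b"paYL", b"\x01\x02\x03" * 200) + iend


def scan_samples() -> dict:
    """Run the checks over the three constructed images."""
    return {
        "clean": png_anomalies(build_clean_png()),
        "trailing": png_anomalies(build_png_with_trailing_payload()),
        "custom_chunk": png_anomalies(build_png_with_custom_chunk()),
    }


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(f"{name}: {findings or 'no anomalies'}")
```

Pointing `png_anomalies` at every `*.png` under an unpacked APK's `res/` and `assets/` directories gives a quick list of images worth pulling into a sandbox. The checks are deliberately structural: they do not decrypt or interpret any hidden data, so a clean result only means the file is a well-formed PNG, not that it is benign, and LSB-style steganography inside the pixel data would pass them.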

Google Play Protect warns against and blocks installation of known malicious SlopAds applications, even from third-party sources. It's a reminder of the constant vigilance required to combat such sophisticated threats and protect users from potential harm.

The SlopAds operation is a stark reminder of the evolving nature of cyber threats and the need for innovative and adaptive security measures to stay ahead of the game. As the digital landscape continues to expand, so too will the efforts to safeguard it, ensuring a secure environment for all users.
