Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation - HUMAN Security
(www.humansecurity.com)
from cm0002@lemmy.world to cybersecurity@infosec.pub on 17 Sep 14:09
https://lemmy.world/post/36056236
from cm0002@lemmy.world to cybersecurity@infosec.pub on 17 Sep 14:09
https://lemmy.world/post/36056236
HUMAN Security’s Satori team has uncovered “SlopAds,” a sophisticated ad fraud operation involving 224 Android apps downloaded over 38 million times across 228 countries[^1]. The apps use steganography to hide malicious code within PNG files and create hidden WebViews to generate fraudulent ad impressions and clicks[^1].
Key findings:
- Generated 2.3 billion daily bid requests at peak
- Heaviest traffic from US (30%), India (10%), and Brazil (7%)
- Only activated fraud for downloads traced to threat actor ad campaigns
- Used attribution tools and multiple layers of obfuscation to avoid detection
- Operated through extensive network of command-and-control servers
Google has removed the identified apps and enabled Google Play Protect warnings to block future installations[^1]. HUMAN’s Ad Fraud Defense and Ad Click Defense customers are protected from SlopAds’ impact[^1].
[^1]: HUMAN Security - Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation
threaded - newest