Google has removed 224 Android apps from the Play Store after a massive ad fraud campaign, SlopAds, was exposed for using deception and obfuscation to generate 2.3 billion fake ad requests per day via Android devices.
SlopAds, as revealed by HUMAN’s Satori Threat Intelligence team, amassed over 38 million downloads from around the world and used 224 apps across 228 countries and territories to power its scheme. The campaign used Android-specific fraud tactics, including hiding malicious behavior behind innocuous app features, and triggering fraudulent actions only when users had installed the app via one of the attacker-run ad campaigns.
Hidden in plain sight
HUMAN Satori
Many of the apps behaved normally if installed directly from the Play Store, but if the installation stemmed from a promotional ad, they would fetch encrypted configuration data, download hidden modules disguised in image files (via steganography), then initiate webviews that invisibly load cash-out sites for fake ad clicks and impressions.
Geographically, the most fraudulent traffic came from the United States (≈ 30%), followed by India (≈ 10%) and Brazil (≈ 7%). The infrastructure behind SlopAds also included hundreds of promotional domains and command-and-control servers, suggesting the operation was not only large already but was being prepared for further growth.
HUMAN Satori
Google Play Protect and Google removed the malicious apps once identified, and Android users are being warned to uninstall any of the affected apps if still present.
Why it matters
This incident highlights how Android’s app ecosystem remains a powerful target for ad fraud gangs, especially when combined with clever evasion methods. The use of hidden modules, conditional behavior based on how an app was installed, and the concealment of malicious APK code inside harmless-looking image files all point to evolving sophistication that bypasses various protections.
Android users should keep Google Play Protect active, carefully check app permissions, and avoid apps promoted through unclear or suspicious advertising campaigns.
F-droid doesn’t suffer with this sort of abuse and never will for a very simple reason.
The easiest, quickest and most cost effective way to stop this happening is by not allowing apps to have a massive security and privacy hole by showing adverts.
If devs want to make money then sell the apps for honest money, and if people won’t pay that means your apps are not worth paying for.