Android users are being warned to delete 224 apps from their devices after a sophisticated ad fraud operation, dubbed SlopAds, was discovered. The malicious apps were downloaded over 38 million times from the Google Play Store before being removed by Google.
The Satori Threat Intelligence and Research Team identified the threat, which uses steganography to hide code and creates hidden WebViews to generate fraudulent ad impressions and clicks. The apps, many with an AI theme, were found across 228 countries and territories.
Google has confirmed that all offending applications have been removed from the Play Store, preventing new infections. Users with Google Play Protect enabled are automatically protected and will receive warnings if they attempt to install any app exhibiting SlopAds behaviour.
For those who have already installed an infected app, Play Protect will prompt them to uninstall it. Security experts advise users not to ignore these alerts and to delete any flagged apps immediately to prevent device slowdowns and potential data risks.
Ad fraud, as explained by Google, harms advertisers, developers, and users by generating invalid traffic, undermining trust in the mobile advertising ecosystem. Users are urged to remain vigilant and keep Play Protect active.
