HUMAN Security, Inc., a leading cybersecurity company committed to enabling trusted interactions and transactions across humans, bots, and AI agents, announced that it has uncovered and disrupted a sophisticated ad fraud and click fraud operation dubbed SlopAds.
The scheme, investigated by HUMAN’s Satori Threat Intelligence and Research Team (Satori), involves a collection of 224 mobile apps that created hidden WebViews, navigated to threat actor–controlled cashout sites, and clicked on ads to generate fraudulent revenue. SlopAds used layered obfuscation, digital steganography to deliver malicious modules, debugging and anti-analysis checks, and hidden traffic redirection to disguise activity. The apps were downloaded more than 38 million times from Google’s Play Store before removal. At its peak, SlopAds generated 2.3 billion fraudulent bid requests per day across 228 countries and territories.
“SlopAds highlights the evolving sophistication of mobile ad fraud, including stealthy, conditional fraud execution and rapid scaling capabilities,” said Gavin Reid, CISO at HUMAN. “We fully expect the threat actors behind the scheme to continue to adapt and develop new apps and techniques, and HUMAN will be right here identifying and mitigating future iterations as a result.”
HUMAN monitored anomalous activity, traced it to a vast C2 and promotional network, and shielded customers from financial impact. SlopAds stands out for its novel use of attribution and measurement tools as an obfuscation tactic. Satori identified a threat actor-run ad campaign that promoted the apps, perpetuating the downstream ad and click fraud attacks. HUMAN’s Ad Fraud Defense and Ad Click Defense integrate real-time intelligence uncovered from investigations such as SlopAds to detect and filter out ad fraud pre-bid. Customers leveraging Ad Fraud Defense remain protected from the effects of SlopAds.
“This operation shows new ways threat actors are trying to cover tracks,” said João Santos, Senior Manager of Threat Intelligence at HUMAN. “The level of obfuscation is quite complex. Threat actors retrieve encrypted configuration with a set of URLs, one for downloading the ad fraud module, URLs for a collection of H5 cashout domains, and another with a JavaScript payload powering the click fraud attack. Only sophisticated technology can catch those types of threats, which makes partnering with a company like HUMAN imperative for early detection and protection of schemes like this.”
Source: globenewswire