Google Play Flooded With 224 Malicious Apps, 38 Million Downloads Deliver Malware

A global ad fraud and click fraud operation, dubbed SlopAds, comprising 224 Android apps that collectively amassed more than 38 million downloads across 228 countries and territories.

Under the guise of AI-themed utilities, these apps employ advanced obfuscation techniques—such as steganography and hidden WebViews—to deliver a fraud payload that generates billions of ad impressions and clicks for threat actor–owned cashout sites.

SlopAds infrastructure relies on multiple command-and-control (C2) servers and dedicated promotional domains, indicating a well-resourced threat actor poised to expand the operation further.

At its peak, SlopAds generated 2.3 billion bid requests per day, with traffic originating predominantly from the United States (30 percent), India (10 percent), and Brazil (7 percent).

Promotional domains serve little purpose beyond redirecting users to the Google Play Store listings, and more than 300 such domains have been linked to this threat ...