'SlopAds' Fraud Campaign Uses Novel Obfuscation Techniques

Steganography, Mobile Marketing Attribution, Code Obfuscation Deployed for Ad Fraud Rashmi Ramesh (rashmiramesh_) • September 16, 2025

A cybercrime crew using Android mobile apps to conduct advertising fraud took unusual pains to hide its activity, concealing malicious code in downloadable digital images and holding off from infecting the subset of users who organically found their apps through the Google Play store.

See Also: Why Cyberattackers Love 'Living Off the Land'

Researchers at Human Security said Tuesday they saw the threat actor behind the campaign operate a collection of 224 apps - and growing - with 38 million collective downloads across the globe. They dubbed the campaign "SlopAds," since the apps underpinning the campaign have a low-quality sheen indicative of content churned out by generative artificial intelligence. Many of the apps also had an AI theme.

At its peak, the SlopAds campaign accounted for 2.3 billion online ads bids per day ...