Android Ad Fraud Operation Generates 659M Bid Requests

https://www.govinfosecurity.com/android-ad-fraud-operation-generates-659m-bid-requests-a-31731

Publish Date: 2026-05-19 18:18:00

Source Domain: www.govinfosecurity.com

Cybercrime, Endpoint Security, Fraud Management & Cybercrime

Researchers Identify 455 Malicious Apps Tied to Global Malvertising Campaign

Cybercriminals used malicious Android apps to funnel unwitting users to an ad fraud scam that generated up to 659 million daily bid requests, reports Human Security.

Dubbed Trapdoor by researchers, the ad fraud and malvertising scam has spanned 455 malicious Android apps and is linked to 183 threat actor-owned command-and-control domains.

Researchers said threat actors cloak malicious apps as harmless utilities such as PDF viewers, file managers or device cleanup tools. Once a user downloads any one of the 455 threat actor-owned apps, the malvertising fraud pipeline begins.

The apps prompt users to download a slew of fake software updates, delivering a second-stage payload. Human researchers observed the secondary payload deploying hidden embedded browsers that load malicious HTML5 domains and content behind the scenes, generating fake ad impressions, user clicks and ad bid requests without the user’s knowledge.

The operation abuses and impersonates legitimate mobile advertising infrastructures and installs attribution services – tools utilized by real marketers – to evade user…
