Google Removes Hundreds Of Android Apps From Play Store To Disrupt Massive AI SlopAds Ad Campaign
The name was derived from the fact that the threat actors heavily used AI apps and services as part of their infrastructure for this campaign, which included ChatGPT, ChatGLM and AIGuide. The large number of apps the attackers created for the campaign also “have the veneer of being mass produced, a la ‘AI slop.’”
One of the more notable aspects of this campaign is the lengths the attackers went to in order to fly under the radar. First, these apps conduct a variety of checks on a user’s device using a mobile marketing platform before attempting to commit the ad fraud. Users who found one of the apps within the Play Store didn’t see the fraudulent ads, while those who got to the Play Store listing from an outside source did receive the fraudulent ads.

Users who were part of the latter group would have FatModule installed on their device, which is a module the attackers use to manage the fraud campaign. Once this module is in place, it begins to collect data about a user’s device, including what web browser is being used and whether the device has been rooted. All this information is used to determine whether to continue the attack, and could potentially allow for further attacks in the future.
Once a device is compromised, users would receive payloads using hidden WebViews that would navigate them to “cashout sites.” These sites would fraudulently generate ad impressions and clicks that would result in the threat actors getting a payout.
Ad fraud campaigns such as this one are a big part of why Google is on track to make Android a more closed-down ecosystem, similar to Apple’s iOS.