Application security

Trapdoor ad fraud campaign used hundreds of Android apps

Bloggers touch screen smartphone light night city, girls using in hands mobile phone closeup, online wi-fi internet, woman texting text message

As reported by Tech Radar, security researchers have uncovered and dismantled a significant ad fraud operation known as Trapdoor, which utilized 455 Android applications and 183 command-and-control domains to generate millions of dollars in illicit profits.

The Trapdoor campaign initially distributed seemingly legitimate utility apps, such as PDF readers, through the Google Play Store. After installation, these apps would prompt users for a fake update, which in reality downloaded a different, hidden application. This secondary app launched invisible WebViews that generated an estimated 659 million fraudulent ad bid requests daily. These unseen ads defrauded advertisers and companies relying on ad networks.

Google has since removed the affected apps, which had accumulated over 24 million downloads. Researchers warn that this operation highlights a dangerous pipeline where malvertising leads to app installs, which in turn generate revenue that can fund further malicious campaigns, impacting the integrity of the digital advertising ecosystem.

Source: Tech Radar

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds