Nigeria has been ranked among the top 10 countries targeted by one of the largest mobile ad fraud operations found on the Google Play Store. The campaign, named SlopAds, used 224 apps with more than 38 million downloads worldwide to secretly generate up to 2.3 billion fake ad requests a day, draining advertisers’ budgets and compromising millions of devices.
The discovery was made by HUMAN’s Satori Threat Intelligence team, who tracked the operation and worked with Google to take down the apps. The takedown is among the biggest crackdowns on mobile ad fraud in recent memory.
How SlopAds worked
In contrast to normal malware that will easily show malicious activity, SlopAds was designed to be stealthy. The apps were apparently benign on the surface, performing their intended function upon installation. However, when installed through ads promoted by the perpetrators, they activate a stealthy fraud module that secretly launches invisible browser windows, or WebViews, in the background.
From these hidden windows, the apps opened websites operated by the scammers, triggering fake ad impressions and clicks. The result: advertisers were being charged for ads that were never actually seen by users.
At its peak, the network was generating billions of fake ad requests every single day, a scale that researchers said was unprecedented. To make detection even more difficult, the scammers used steganography, a technique for hiding code in image files, to deliver parts of the malicious module to devices.
These were then reassembled on the user’s phone to create a clandestine fraud engine that could continue to run without the user’s awareness. The researchers also discovered that the operation was highly targeted. Only downloads linked to the fraudsters’ own advertising campaigns would trigger fraudulent activity.
Apps installed organically, through a direct Play Store search, would lie dormant, reducing the risk of being flagged and taken down prematurely.
Although the SlopAds network itself was global, exposing users in 228 countries and territories, Nigeria was among the ten most affected markets. It was among a list which also included the United States, India, Brazil, South Africa, and Mexico, all of which had high traffic from the infected apps.
This level of targeting testifies to Nigeria’s growing importance in the global digital advertising ecosystem. With a very large number of smartphone customers and growing mobile web access, the country has become an attractive market not just for legitimate advertisers but also for cybercriminals looking to profit from fraudulent clicks and impressions.
To users in Nigeria, the apps were particularly detrimental as they sucked device resources like data, battery, and processing power, even while they continued to run in the background without being noticed. To advertisers, the impact was financial, with millions of dollars lost to ad spend that never reached real viewers.
Google’s response to SlopAds and next steps
Once the scope of the operation was established, Google removed all 224 SlopAds-related apps from the Play Store. Google also activated Google Play Protect, its automatic security feature that scans devices, warns users about malicious apps, and prompts them to uninstall the apps.
“Play Protect is enabled by default on all certified Android devices and will now notify users who have these apps installed,” the researchers said.
The takedown also disrupted the command-and-control servers of the fraudsters’ operation, preventing the apps from receiving further instructions. However, security experts warn that cybercriminal gangs tend to attempt to rebuild their networks after takedowns.
Researchers note that SlopAds wasn’t a single campaign but rather an infrastructure that could be reused. There were over 300 promotional domains on the network, which suggests that threat actors were planning to scale or restart their scheme with new apps.
What users can do
The Google experts advise Android users to keep Play Protect on and delete those apps that Google identifies as malicious. They also recommend downloading apps from reputable developers alone and reviewing app permissions periodically to prevent background activities that may lead to device damage.
Advertisers are also encouraged to work with partners that have fraud measurement and detection solutions in a bid to mitigate losses incurred through invalid traffic. The scale of SlopAds demonstrates that ad fraud is no longer merely a nuisance but a full-fledged global issue affecting all players in the digital advertising space.
As Nigeria is now confirmed as one of the most targeted countries, the episode serves to underline the need for greater user vigilance, secure app environments, and more aggressive tracking of mobile ad traffic. The removal of SlopAds is a big win, but researchers warn that the war on industrial-scale ad fraud is very far from over.
