Summary: A large-scale ad fraud campaign, known as Vapor, has been identified, utilizing hundreds of malicious apps on the Google Play Store to deliver intrusive ads and launch phishing attacks. These apps masqueraded as legitimate applications and tricked users into providing sensitive information; together they accumulated over 60 million downloads. Security researchers highlight the sophisticated methods used by perpetrators to evade detection and maintain their operations.
Affected: Google Play Store, Android Users
Keypoints:
- Fraudsters launched over 331 malicious apps, garnering more than 60 million downloads and generating over 200 million daily bid requests.
- Attackers utilized versioning to pass Google's vetting process by initially publishing benign apps.
- Some apps hide their icons, collect sensitive information, and can function without user interaction, even on newer Android versions.
- New detection evasion tactics include changing names and icons to impersonate legitimate services.
Source: https://thehackernews.com/2025/03/new-ad-fraud-campaign-exploits-331-apps.html