{"id":596743,"date":"2025-11-27T08:10:31","date_gmt":"2025-11-27T08:10:31","guid":{"rendered":"https:\/\/www.europesays.com\/uk\/596743\/"},"modified":"2025-11-27T08:10:31","modified_gmt":"2025-11-27T08:10:31","slug":"android-users-told-to-delete-apps-immediately-after-cyber-attack-infestation","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/uk\/596743\/","title":{"rendered":"Android users told to delete apps immediately after cyber attack infestation"},"content":{"rendered":"<p>Hundreds of Android apps infected with SlopAds ad fraud malware have been removed from the Google Play store after they were downloaded over 38 million times &#8211; with users being warned to delete them<\/p>\n<p><strong class=\"Strong_strong__e2x35 __className_0292ec\">Eilidh Farquhar<\/strong> Trainee Affiliates Writer, <strong class=\"Strong_strong__e2x35 __className_0292ec\">Benedict Tetzlaff-Deas<\/strong> News Reporter and <strong class=\"Strong_strong__e2x35 __className_0292ec\">David Snelling<\/strong><\/p>\n<p>19:49, 26 Nov 2025<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.europesays.com\/uk\/wp-content\/uploads\/2025\/11\/0_In-this-photo-illustration-the-Android-logo-seen-displayed.jpg\" alt=\" A picture of a hand holding an Android phone\" loading=\"eager\"  \/>Android users have been warned about a new security threat to their devices (file photo)(Image: SOPA Images\/LightRocket via Getty Images)<\/p>\n<p class=\"Paragraph_paragraph-text__PVKlh \" data-tmdatatrack=\"content-unit\" data-tmdatatrack-type=\"paragraph\" publication=\"mirror\">Cyber criminals are once again targeting <a class=\"TextLink_text-link__dBSS0 TextLink_enabled__dJF3l\" href=\"https:\/\/www.mirror.co.uk\/all-about\/android\" target=\"_blank\" aria-label=\"Android Link opens in a new tab.\" tabindex=\"0\" rel=\"noopener\">Android <\/a>devices in a bid to trick unsuspecting victims into handing over their personal and financial information.<\/p>\n<p class=\"Paragraph_paragraph-text__PVKlh \" data-tmdatatrack=\"content-unit\" data-tmdatatrack-type=\"paragraph\" publication=\"mirror\">Users are being urged to remove <a class=\"TextLink_text-link__dBSS0 TextLink_enabled__dJF3l\" href=\"https:\/\/www.mirror.co.uk\/all-about\/apps\" target=\"_blank\" aria-label=\"appsLink opens in a new tab.\" tabindex=\"0\" rel=\"noopener\">apps<\/a> that have been compromised by the fresh <a class=\"TextLink_text-link__dBSS0 TextLink_enabled__dJF3l\" href=\"https:\/\/www.mirror.co.uk\/all-about\/scams\" target=\"_blank\" aria-label=\"scamLink opens in a new tab.\" tabindex=\"0\" rel=\"noopener\">scam<\/a> immediately, which involves hackers carrying out a sophisticated form of advertising fraud. By flooding apps with malicious adverts, hackers can slow down the devices they&#8217;ve compromised whilst padding their own pockets.<\/p>\n<p class=\"Paragraph_paragraph-text__PVKlh \" data-tmdatatrack=\"content-unit\" data-tmdatatrack-type=\"paragraph\" publication=\"mirror\">The fresh attack was identified by the Satori Threat Intelligence and Research Team and has been dubbed &#8216;SlopAds&#8217;. Researchers have found that 224 Android apps were affected by this assault, which have been downloaded more than 38 million times via the <a class=\"TextLink_text-link__dBSS0 TextLink_enabled__dJF3l\" href=\"https:\/\/www.mirror.co.uk\/all-about\/google\" target=\"_blank\" aria-label=\"GoogleLink opens in a new tab.\" tabindex=\"0\" rel=\"noopener\">Google<\/a> Play Store app.<\/p>\n<p>READ MORE: <a class=\"TextLink_text-link__dBSS0 TextLink_enabled__dJF3l\" href=\"https:\/\/www.mirror.co.uk\/news\/uk-news\/breaking-amazon-attack-warning-ahead-36308281\" data-tmdatatrack=\"read-more\" data-tmdatatrack-articleid=\"36308281\" data-tmdatatrack-source=\"editorial\" tabindex=\"0\" target=\"_blank\" rel=\"noopener\">Amazon attack warning ahead of Black Friday as 300 million customers at risk<\/a>READ MORE: <a class=\"TextLink_text-link__dBSS0 TextLink_enabled__dJF3l\" href=\"https:\/\/www.mirror.co.uk\/tech\/cybersecurity-specialist-says-make-microsoft-36279545\" data-tmdatatrack=\"read-more\" data-tmdatatrack-articleid=\"36279545\" data-tmdatatrack-source=\"editorial\" tabindex=\"0\" target=\"_blank\" rel=\"noopener\">Cybersecurity specialist says make Microsoft Windows change &#8211; or &#8216;be exposed&#8217;<\/a><img decoding=\"async\" src=\"https:\/\/www.europesays.com\/uk\/wp-content\/uploads\/2025\/11\/0_Hacker-attacking-internet.jpg\" alt=\"A dark image of a person wearing a hoodie hunched over a laptop \" loading=\"lazy\"  \/>Hackers have been flooding apps with malicious adverts (file photo)(Image: Getty Images)<\/p>\n<p class=\"Paragraph_paragraph-text__PVKlh \" data-tmdatatrack=\"content-unit\" data-tmdatatrack-type=\"paragraph\" publication=\"mirror\">Security specialists from the team revealed: &#8220;HUMAN&#8217;s Satori Threat Intelligence and Research Team has uncovered and disrupted a sophisticated ad fraud and click fraud operation dubbed SlopAds. The threat actors behind SlopAds operate a collection of 224 apps and growing, collectively downloaded from Google Play more than 38 million times across 228 countries and territories.<\/p>\n<p class=\"Paragraph_paragraph-text__PVKlh \" data-tmdatatrack=\"content-unit\" data-tmdatatrack-type=\"paragraph\" publication=\"mirror\">&#8220;These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks. The threat actors&#8217; infrastructure and many of the apps share an AI theme, contributing to the name of the operation.&#8221;<\/p>\n<p class=\"Paragraph_paragraph-text__PVKlh \" data-tmdatatrack=\"content-unit\" data-tmdatatrack-type=\"paragraph\" publication=\"mirror\">It&#8217;s crucial to highlight that Google has successfully eliminated all of the problematic apps, ensuring that no fresh users will fall victim to ad fraud. Those concerned about having downloaded one of the applications containing the SlopsAds bug have been told that all those affected will receive an alert encouraging them to remove the apps, reports <a class=\"TextLink_text-link__dBSS0 TextLink_enabled__dJF3l\" href=\"https:\/\/www.dailyrecord.co.uk\/news\/science-technology\/hundreds-android-apps-infested-cyber-35948361\" target=\"_self\" aria-label=\"\" tabindex=\"0\" rel=\"noopener\">the Daily Record<\/a>.<\/p>\n<p class=\"Paragraph_paragraph-text__PVKlh \" data-tmdatatrack=\"content-unit\" data-tmdatatrack-type=\"paragraph\" publication=\"mirror\">To safeguard against future attacks, all Android users are being advised to ensure Google&#8217;s Play Protect feature within the app store remains activated. This mechanism will alert users to potentially corrupted applications before installation, whilst also blocking any subsequent apps that have demonstrated behaviour linked to SlopAds.<\/p>\n<p class=\"Paragraph_paragraph-text__PVKlh \" data-tmdatatrack=\"content-unit\" data-tmdatatrack-type=\"paragraph\" publication=\"mirror\">Ad fraud doesn&#8217;t merely harm device users, but also legitimate advertisers and developers as hackers deceive the network into permitting their infected advertisements. Google added: &#8220;Ad interactions generated for the purpose of tricking an ad network into believing traffic is from authentic user interest is ad fraud, which is a form of invalid traffic.<\/p>\n<p class=\"Paragraph_paragraph-text__PVKlh \" data-tmdatatrack=\"content-unit\" data-tmdatatrack-type=\"paragraph\" publication=\"mirror\">&#8220;Ad fraud may be the byproduct of developers implementing ads in disallowed ways, such as showing hidden ads, automatically clicking ads, altering or modifying information and otherwise leveraging non-human actions (spiders, bots, etc.) or human activity designed to produce invalid ad traffic. Invalid traffic and ad fraud is harmful to advertisers, developers, and users, and leads to long-term loss of trust in the mobile Ads ecosystem.&#8221;<\/p>\n<p class=\"Paragraph_paragraph-text__PVKlh \" data-tmdatatrack=\"content-unit\" data-tmdatatrack-type=\"paragraph\" publication=\"mirror\">Android users are being advised to act swiftly and delete any apps flagged as infected to safeguard their devices.<\/p>\n","protected":false},"excerpt":{"rendered":"Hundreds of Android apps infected with SlopAds ad fraud malware have been removed from the Google Play store&hellip;\n","protected":false},"author":2,"featured_media":596744,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[2061,2062,188,38218,16835,867,53,16,15],"class_list":{"0":"post-596743","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-android","9":"tag-apps","10":"tag-crime","11":"tag-daily-record","12":"tag-floods","13":"tag-google","14":"tag-technology","15":"tag-uk","16":"tag-united-kingdom"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@uk\/115620652444107970","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/596743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/comments?post=596743"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/596743\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media\/596744"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media?parent=596743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/categories?post=596743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/tags?post=596743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}