HUMAN researchers uncovered Trapdoor, a new Android ad fraud and malvertising operation that used 455 malicious apps and 183 attacker-controlled C2 domains to build a multi-stage fraud pipeline. Google removed the identified apps after disclosure, ending a campaign that generated massive traffic and abused attribution tools to hide malicious behavior from organic users. #Trapdoor #HUMAN #GooglePlayStore
Keypoints
- Trapdoor targeted Android users with utility-style apps that appeared harmless.
- The operation used secondary apps to launch hidden WebViews and request ads.
- Attackers abused install attribution tools to trigger fraud only for ad-driven installs.
- The campaign reached 659 million bid requests per day and over 24 million downloads.
- Google removed the malicious apps after HUMAN's responsible disclosure.
Read More: https://thehackernews.com/2026/05/trapdoor-android-ad-fraud-scheme-hit.html