Ad Tech Briefing: Ad fraud hasn’t gone away – it’s getting more widespread with AI

That brings us to the topic of ad fraud, an activity that came to mainstream attention with news of convictions for such activity in the early 2020s. However, as today’s report from cybersecurity firm HUMAN shows, it’s not a problem that’s gone away. Earlier today, it disclosed details of what it characterizes as one of the more sophisticated mobile ad fraud operations uncovered to date. 

HUMAN uncovers ‘SlopAds’

The scheme, dubbed “SlopAds,” relied on hundreds of apps distributed via Google Play and generated billions of fraudulent bid requests before its takedown, with the firm unable to share estimates of how much it cost advertisers.

The latest SlopAds investigation involved at least 224 apps collectively downloaded more than 38 million times across 228 countries, with much of this activity originating in the United States, India and Brazil, per the company. 

At its height, the network generated an estimated 2.3 billion daily bid requests, according to HUMAN’s technical report, with the “Slop” moniker reflecting both the mass-produced nature of the apps and their recurring AI-themed branding, a veneer that belied the underlying mechanics. An extensive infrastructure of command-and-control servers and promotional domains supported the apps. 

How the scheme worked

SlopAds went beyond conventional click fraud. Once downloaded, the apps performed checks to avoid detection, distinguishing between organic and non-organic installs. Fraudulent behavior only triggered if an app had been downloaded after a user clicked on an ad.

In practice, that meant the app behaved benignly for users who installed it directly, but activated hidden modules for those who arrived via ads.

The fraud module, dubbed FatModule, was delivered through digital steganography. Four PNG image files concealed fragments of code that, when reassembled on a device, executed the fraud logic. The apps also deployed anti-analysis techniques such as debugging checks, string encryption and packed native code.

From there, the operation relied on hidden WebViews, stripped-down browsers that collected device data and navigated to “cashout” domains controlled by the threat actors. These WebViews rendered ads and auto-clicked them, with repeated redirects sanitizing referral data to simulate legitimate traffic. In some cases, the fraud targeted HTML5 game and news websites, echoing tactics seen in other operations like BADBOX 2.0.

Buyer blind spots

HUMAN described SlopAds’ use of attribution and measurement tools as a novel obfuscation tactic. By piggybacking on attribution tags, the apps could confirm whether an install was organic or not without writing custom tools. In an email exchange, Lindsay Kaye, vp of threat intelligence, HUMAN, told Digiday the technique did not involve compromising SDKs. Instead, the bad actors involved leveraged attribution, highlighting how legitimate systems can be co-opted.

Asked whether buyers should question the reliability of attribution platforms, Kaye replied, “The exploitation of the attribution system by SlopAds was not done in such a way that it should make buyers question the reliability of the tool. Rather, the threat actors used it in its intended fashion.”

Platform response

As for which sell-side or demand-side platforms were most exposed, HUMAN declined to disclose details, although Kaye claimed media teams should encourage partners in their ad tech supply chain to use more sophisticated tools to detect invalid traffic.  

Google removed all identified SlopAds apps from its Play Store, according to HUMAN, with Android’s Play Protect security service now blocking apps exhibiting similar behaviors, although it claimed the scheme involved tens of millions of downloads before removal. “HUMAN not only provides this filtration, but also surfaces granular insights into specific supply that may indicate quality concerns,” added Kaye. 

Next steps

HUMAN researchers said they expect the operators of SlopAds to adapt and redeploy, given the investment in infrastructure and indications that they were testing new apps even during the investigation. The company said it continues to monitor for further activity.

The broader takeaway for advertisers is that fraud tactics are increasingly conditional, sophisticated and difficult to distinguish from legitimate traffic. SlopAds shows that threat actors are willing to borrow tools from the legitimate ad tech stack — from attribution to steganography — to cloak their operations.

For buyers, this raises questions not just about fraud detection, but about how much confidence to place in the signals underpinning programmatic decisions. 

While HUMAN clients were insulated, industry-wide exposure remains unclear, underscoring the asymmetry of information between security vendors and buyers.

As fraudsters adapt, the SlopAds case highlights a familiar but intensifying theme: programmatic buying remains an attractive target, and bad actors are hiding in plain sight as AI slop becomes more commonplace. 

Numbers to know 

• $637 million: the investment amount secured by DeepIntent from Vitruvian Partners.
• 66%: the number of WPP Media survey respondents who think most brand-consumer interactions will be handled via bot-to-bot communication (i.e., AI agents talking to AI agents).   
• 71%: the number of experts who believe AI will produce the majority of creative content by 2030.  
• 82.3%: the number of experts who think biometric data will be commoditized by 2030.

What we’ve covered

‘Quite frankly, ignorant’: Index Exchange CEO Andrew Casale rebukes The Trade Desk’s SSP ‘reseller’ tag

The Trade Desk’s reclassification of all supply-side platforms as “resellers” faces pushback from major players like Index Exchange, who call it an oversimplification. This reclassification penalizes SSPs by scoring their inventory as less efficient, diverting ad spend to The Trade Desk’s direct supply paths. While aiming to cut inefficiencies, critics argue it consolidates The Trade Desk’s control, reducing money for some SSPs and publishers, though others benefit from favored integrations like OpenPath. This shift is reshaping industry dynamics.

Netflix turns to Amazon to make its ads easier to buy

Netflix will sell ads via Amazon’s DSP in 12 markets, completing programmatic integration. Amazon’s commerce data offers advertisers unique targeting power, while discounted fees strengthen its appeal. The move helps Netflix ease buying and boost performance, as Amazon positions itself as the central hub of streaming’s growing ad economy.

What we’ve heard

“This is actually going to be a problem for second-tier demand-side platforms. As ‘open web’ declines, you need to get in with the ‘hedged gardens.’”

– An anonymous source reacts to news that “Netflix turns to Amazon to make its ads easier to buy.” A development that had a calamitous impact on The Trade Desk’s stock price.   

What we’re reading

What’s next for Streamr.ai now that it’s been acquired by Magnite?

Magnite announced it had acquired Streamr.ai, which specializes in developing AI-generated assets for small businesses to use in their CTV campaigns. Magnite CPO Adam Soroca explains more to AdExchanger. 

Scope3 lays off staff as part of shift toward agentic advertising

Adweek discusses layoffs at the startup led by Brian O’Kelley. While the number of layoffs wasn’t confirmed in the piece, sources told Digiday the number was close to 20%, with the cuts impacting multiple departments, including former senior European leadership.  

With GAM going direct to buyers, SPO is the new normal

Adexchanger riffs on an earlier story by The Information, looking at Google’s sell-side business, a.k.a. Google Ad Manager, pursuit of direct deals with the buy side – the implication being that demand-side platforms, including Google’s own DV360, would be cut out. GAM representatives recently hosted a dinner for top ad agencies in New York City in July to discuss ways that GAM could work directly with buyers. 

Is Google preparing to make Its ad tech biz independent?

Emarketer’s analyst team does likewise, instead explaining how Google’s preparations reflect regulatory pressure following Judge Brinkema’s April ruling that it holds an illegal monopoly over publisher ad servers and ad exchanges. Regulators might force Google to divest GAM or sell its AdX exchange to increase competition. Despite a 7% revenue decline in network revenue, Google remains dominant with $205 billion forecasted ad revenues for 2025, but its slowed growth and antitrust challenges threaten industry dynamics and competitors.