Android app ad fraud scheme uncovered by Integral Ad Science

The IAS Threat Lab A new report reveals a vast and sophisticated ad fraud scheme, dubbed "Vapor Threat," which uses fake Android apps to deploy intrusive, full-screen, endless video ads. 

This fraudulent operation, codenamed Vapor, gets its name from its ability to "vaporize" any real functionality of the apps, leaving only intrusive advertisements behind. 

In total, The Threat Lab identified over 180 app IDs as part of the Vapor Threat scheme. that accumulated more than 56 million downloads e generated more than 200 million daily advertising bids since 2024 without any real functionality being delivered to users.

The IAS Threat Lab shared the findings with Google, which subsequently removed all identified applications from Google Play. However, the fraudsters behind the operation created multiple developer accounts, each hosting only a set of applications to distribute their operation and avoid detection. This distributed setup ensures that the removal of a single account has minimal impact on the overall operation.

For more information on how the applications were designed to mimic legitimate applications, the impact of the fraud on consumers and brands, the scale and timeline of the operation, and other details, the full report (in English) can be downloaded via from this link.

For contextualization, the IAS Threat Lab is a dedicated team of specialists focused on identifying and dismantling sophisticated fraud operations using malware analysis and reverse engineering to discover emerging threats before they materialize.