Ad fraud scheme in Android apps discovered by Integral Ad Science

The IAS Threat Lab it has published a new report that reveals an extensive and sophisticated ad fraud scheme, dubbed “Vapor Threat”, that uses fake Android apps to implement endless full-screen intrusive video ads. 

This fraudulent operation, called Steam, has this name due to its ability to “vaporize” any actual functionality of the apps, leaving behind only intrusive ads. 

In total, though threat Lab has identified more than 180 application IDs as part of the Vapor Threat schema that it has accumulated over 56 million downloads e generated more than 200 million advertising bids daily since 2024, and without any real functionality being delivered to users.

The IAS Threat Lab shared the findings with Google, which subsequently removed from Google Play all the applications identified in the report. However, the fraudsters behind the operation have created multiple developer accounts, each hosting only a set of applications to distribute their operation and avoid detection. This distributed configuration ensures that deleting a single account has minimal impact on the overall operation.

For more information on how applications were designed to mimic legitimate applications, the impact of fraud on consumers and brands, the scale and timing of the operation, and other data, the report can be downloaded in full (in English) through this link.

For contextualization purposes, IAS Threat Lab is a dedicated team of experts focused on identifying and taking down sophisticated fraud operations using malware analysis and reverse engineering to uncover emerging threats before they arise.