Vaporized: The Android Ad Fraud Scheme That Duped 60 Million Users

Security researchers have uncovered the Vapor ad fraud scheme, where malicious Android apps on Google Play amassed over 60 million downloads. Masquerading as useful apps, they later turned into ad generators, inundating users with interstitial ads. These apps also attempted to collect user credentials, making them a double threat.

3P
Published: March 20, 2025 10:34 amAdded: March 20, 2025 at 4:13 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Oh, the irony of an ad fraud scheme called “Vapor” that practically vanished into thin air—along with user patience and phone functionality! With Google Play becoming the unwitting accomplice, it seems these malicious apps were more invisible than a ninja at a blackout party. Who knew your health and fitness app could be this hazardous? Time to get your scam-dodging sneakers on, folks!

Key Points:

  • Vapor campaign involved 331 malicious apps with over 60 million downloads.
  • Apps disguised as utility, health, and lifestyle tools were updated to show intrusive ads.
  • Some apps collected user credentials and credit card data through phishing.
  • Google removed the apps after reports from IAS and Bitdefender.
  • Despite removal, 15 apps remained available as of early March 2025.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?