300 Malicious ‘Vapor’ Apps with Over 60 Million Downloads: Malicious Android Apps Target Users in Large-Scale Ad Fraud Scheme

A massive ad fraud operation, dubbed Vapor, has been uncovered, with over 330 malicious Android apps on Google Play amassing more than 60 million downloads. Identified by IAS Threat Lab and analyzed by Bitdefender, these apps, disguised as utility, health, fitness, and lifestyle tools, were designed to aggressively hijack users’ devices to generate fraudulent ad revenue.

Malicious Tactics and Evasive Methods

The apps initially appeared harmless, but once installed, they were updated to display disruptive full-screen video ads, effectively hijacking users’ screens and making their devices nearly unusable. In addition to bombarding users with ads, some apps attempted to steal sensitive information like credentials and credit card data through phishing attacks.

To evade detection, the apps employed various tactics, including hiding their icons from the app drawer and even the device’s settings menu, making it difficult for users to uninstall them. Some apps also displayed ads without being opened, further intensifying the impact.

Timeline of the Attack

The majority of the harmful apps were uploaded between August 2024 and January 2025, with the most recent appearing in early March 2025. Despite efforts to remove these apps, 15 remained available for download at the time of Bitdefender’s investigation.

Google’s Response

Following reports from IAS and Bitdefender, Google removed the identified apps from its Play Store. A Google spokesperson assured users, “All of the identified apps from these reports have been removed from Google Play. Android users are also automatically protected by Google Play Protect.”

Key Takeaways

  • Over 330 malicious apps were discovered, with more than 60 million downloads, primarily in late 2024 and early 2025.
  • The apps used various methods to bypass Android’s security, including hiding icons and displaying unsolicited ads.
  • Google swiftly removed the apps, but users are urged to stay vigilant and rely on Google Play Protect for enhanced security.

This large-scale fraud campaign highlights the ongoing risks mobile users face, even within trusted platforms like Google Play. Users should exercise caution when downloading apps and ensure their devices remain up to date with the latest security measures.
