← All Threat Actors
Threat Actor Profile

SlopAds

No known aliases in database
▲ High Threat
SlopAds, Trapdoor
Origin
Motivation Financial gain via fraudulent ad impressions and clicks

Target Sectors

Android device users Digital advertisers Mobile advertising networks

Known TTPs

Conditional execution (malicious behavior only triggers for non-organic installs)
Abuse of mobile marketing attribution SDKs to detect installation source
Steganography (delivering malicious APK fragments hidden within PNG images)
Hidden WebViews to navigate to threat actor-owned cashout sites
Use of Firebase Remote Config for encrypted C2 communication
Deployment of 'FatModule' malicious payloads
Use of AI-themed lure applications (e.g., StableDiffusion, ChatGLM clones)

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD