Trapdoor Ad Fraud Scheme Hits 659 Million Requests Daily

Cybersecurity researchers have released details about a new ad fraud and malvertising scheme known as Trapdoor. This operation targets users of Android devices and was uncovered by HUMAN's Satori Threat Intelligence and Research Team. The fraudulent activities involved 455 malicious Android apps and 183 command-and-control (C2) domains operated by threat actors. Trapdoor has proven to be highly effective, generating 659 million bid requests daily. This massive number of requests demonstrates the extensive and well-organized nature of the fraud system.

The infrastructure has been transformed into a multi-layered fraud system that allows attackers to obscure their activities and evade detection. The malicious apps used in this scheme are often disguised as legitimate applications. Users who download these apps are not only targets of ad fraud but also potential malware attacks. Researchers have found that many of these apps are available in official app stores, increasing the danger for users. The threat posed by Trapdoor is not limited to a specific region.

The affected apps and domains are globally distributed, meaning users worldwide are at risk. Researchers have already identified several countries where most affected users reside, including the USA, Brazil, and India. The attackers behind Trapdoor employ a variety of techniques to disguise their activities. These include hiding malicious code in seemingly harmless applications and exploiting vulnerabilities in Android operating systems. These methods make it difficult for security researchers to detect and neutralize the threat in a timely manner.

The security community has already taken measures to combat the spread of Trapdoor. Companies and developers are urged to regularly check their apps for security vulnerabilities and report suspicious activities. Researchers also recommend that users be cautious about which apps they download and what permissions they grant them. The discovery of Trapdoor has also sparked a discussion about the need for stricter security measures in app stores. Experts are calling for platforms like Google Play and the Apple App Store to improve their review processes to more effectively identify and remove malicious apps.

Implementing such measures could help enhance user safety. Researchers at HUMAN have already published a list of affected apps that users should review. This list includes both well-known and lesser-known applications involved in the fraud system. Users should be aware that even highly rated apps can potentially be dangerous. The vulnerability exploited by Trapdoor could also have implications for the advertising industry.

Advertisers who fall victim to these fraudulent activities could suffer significant financial losses. Estimates suggest that losses due to ad fraud in the industry could reach up to $42 billion per year. Researchers have emphasized that combating ad fraud requires a collective effort. Both users and developers must work together to ensure safety in the digital space. Raising awareness about the risks and promoting safe practices are crucial to preventing the spread of such fraud operations. Full details on Trapdoor and the affected apps have been published in a report by HUMAN, released on May 20, 2026.