🚨 New research from the Satori Threat Intelligence team is live: Trapdoor — a massive fraud operation disrupted in collaboration with Google. 455 malicious Android apps. 183 threat-actor-controlled domains. 24M+ app downloads. 659M bid requests per day at peak activity. Trapdoor operated as a self-sustaining fraud pipeline, using malvertising, stealthy app installs, and advanced anti-analysis techniques to scale mobile ad fraud globally. For ad tech and security teams, this is a reminder that it’s not enough to look only at app behavior. Defenders must also identify and disrupt the shared cashout infrastructure powering multiple operations simultaneously. Proud of the incredible work from the Satori team and our partners at Google to expose and disrupt this operation. https://lnkd.in/gJvMYuG3
Satori Threat Intelligence Exposes Trapdoor Fraud Operation
HUMAN's Satori team has new research on Trapdoor - a multi-stage Android scheme that blends malvertising and ad fraud into a self-sustaining growth engine. What stands out most is the signal beyond a single campaign: shared HTML5 cashout infrastructure, abuse of attribution tooling to evade detection, and a model where fraud can fund its own scale. This is the kind of work that helps move the industry from chasing isolated indicators to understanding the repeatable tactics that power modern operations. #CyberSecurity #ThreatIntelligence #AdFraud #Malvertising #AndroidSecurity #FraudPrevent #Satori
HUMAN's Satori Threat Intelligence and Research Team has identified and disrupted a fast-growing ad fraud and malvertising operation dubbed Trapdoor.
The Satori team at HUMAN is incredible, for lack of a better word... Read how their latest research exposed a huge fraud operation!
🚨 HUMAN’s Satori Threat Intelligence team, in collaboration with Google, just disrupted Trapdoor — a massive mobile fraud operation responsible for:
• 455 malicious Android apps
• 24M+ app downloads
• 480M bid requests/day at peak scale
This operation highlights why modern defenses need to go beyond basic detection to identify the infrastructure and monetization networks powering these attacks. For advertisers, publishers, and platforms, protecting revenue and user trust requires visibility across the full fraud lifecycle. Proud of the Satori team and our partners at Google for exposing and disrupting this operation! https://lnkd.in/gJvMYuG3
Cybercrime is evolving into self-funding fraud ecosystems. Our latest Satori research uncovered Trapdoor, an operation combining malvertising, fake app installs, and ad fraud to continuously fuel cybercrime at scale. Proud of the team for exposing and disrupting it!
Google has today announced the launch of a new ‘Android Intrusion Logging’ feature as part of Android Advanced Protection Mode (AAPM). https://lnkd.in/gXbWphds https://lnkd.in/gXdHAxGT
been waiting for android to finally fix the broad contacts access issue, now there's a proper contact picker where the app requests specific contacts and specific fields and access is temporary so it means rewriting permission request logic but google play policy will force it anyway. + interesting AISeal with pKVM in Android 17 isolating ambient data at the hypervisor level, curious how this will affect apps working with on device, and dynamic signal monitoring in live threat detection is a big one, the system now watches app behavior patterns in real time, sooo if you have a legitimate use case with accessibility permissions or background launches expect your users to start seeing warnings... OKKKK https://lnkd.in/dAGGJ65J
I share 2 recent reports on the #Signal messaging app, this is the first. The scope is to demonstrate that the design can look bulletproof, but.. "Signal Lost (Integrity): The Signal App is More than the Sum of its Protocols" by Kien Tuong Truong (ETH Zurich), Noemi Terzo (Max Planck Institute for Security and Privacy), and Kenneth G. Paterson (ETH Zurich). #Metadata #messagingApps
Google just launched their new AI dev tool, Antigravity, and hackers are already using it to drain crypto wallets. They aren't building a fake app. They took the real 138MB installer, added a hidden PowerShell script, and hosted it on a lookalike domain. You download it, the app installs and works perfectly. But in the background, a silent info-stealer rips your session cookies and wallet files straight off your hard drive. By stealing your active cookies, they don't even need your passwords or 2FA to take over your exchange accounts. If you are testing new dev tools, you have to isolate your environments. Google Read the full Scam Alert & Learn how to protect yourself: https://lnkd.in/gZfeBsn9 #Web3Security #Dev #CryptoHack #DeFi #ShieldGuard #SHPRO #Google
Missed yesterday's event on Simply Cyber? Jessica H. goes over how to use the 5-part TRUTH methodology (Track Down, Recreate, Unearth, Translate, Help others) to tackle unsupported apps and commonly missed file system artifacts. Watch "Parsing Unsupported 3rd Party Apps" on Youtube: https://lnkd.in/g25WQ96a #DigitalForensics #DFIR #MobileForensics #Hexordia
Trapdoor is a good reminder that these operations are becoming more creative, more connected, and harder to spot if you look at only one piece at a time. Research like this helps all of us better understand the patterns behind how modern fraud actually works.