The Trapdoor Scam That Tricks Mobile Advertising

Published on May 23, 2026 | Translated from Spanish

A new threat called Trapdoor has been discovered in the Android ecosystem. This ad fraud affected 659 million daily bid requests across 455 malicious apps. The scheme simulated human interactions and legitimate traffic to charge for ads not seen by real users, operating in the background without victims noticing.

android smartphone cross-section showing hidden malicious code execution, glowing red data streams flowing from infected apps into ad servers, fake user touch gestures displayed as transparent ghost hands tapping screens, 455 app icons arranged in a grid below with red warning indicators, server racks in background processing 659 million fake ad requests per day, technical illustration style, dark blue and red color scheme, glowing network lines connecting devices to servers, photorealistic engineering visualization, dramatic overhead lighting, detailed circuit board textures, malware signature patterns visible as floating digital particles

How the ad fraud works on Android 🛡️

The malicious apps, disguised as games or useful tools, established persistent connections with ad servers. Through automated scripts, they generated fake clicks and video plays in the background. The fraudulent traffic mimicked human behavior patterns to evade security filters. This method allowed scammers to siphon ad revenue for months without raising immediate suspicion.

The lucrative business of phantom ads 💰

Scammers created a business model where advertisers pay for clicks that never happened. It's like renting out a phantom apartment and collecting rent from a non-existent tenant. The funny thing is that while the bots work tirelessly, users enjoy their phones unaware that their device has become an unsolicited ad office. At least the ads don't take up memory space.