Share on LinkedIn
Share on XWhat happens when utility apps turn into full-screen ad machines? The IAS Threat Lab has uncovered a global ad fraud scheme — codenamed “Mirage” — designed to mislead users, inflate installs, and exploit the mobile advertising ecosystem.
The Scheme
The IAS Threat Lab has uncovered a large-scale, fast-evolving ad fraud operation known as Mirage — a sprawling network of fraudulent Android apps designed to hijack user devices and exploit ad ecosystems at massive scale.
Mirage apps masquerade as helpful utilities like phone cleaners and battery boosters. On the surface, they appear harmless. But behind the scenes, they use cloaking techniques and bot-driven installs to quietly switch on aggressive ad fraud behavior once installed through specific referral links. The result: full-screen interstitial ads that interrupt users out of context, with no real utility provided by the apps themselves.
Threat Lab researchers have identified over 300 Mirage-linked app IDs, collectively amassing more than 70 million downloads and generating over 350 million daily bid requests. These apps were built with one goal in mind: monetize unsuspecting users through persistent, non-consensual advertising.
Mirage marks a troubling evolution of tactics first seen in the Threat Lab-discovered Vapor scheme. Unlike Vapor apps, which gradually stripped away features over time, Mirage apps are designed to mislead from the outset — launching with fake installs to climb app store rankings and turning on monetization only when real users start downloading.
The Takedown
IAS collaborated directly with Google to take swift action against the Mirage operation. Based on Threat Lab intelligence, all identified Mirage apps have been removed from the Google Play Store. Google Play Protect is actively alerting users and will disable these apps automatically — even when installed outside of the Play Store ecosystem.
IAS continues to monitor Mirage’s activity, as its operators rapidly adapt through reskinned apps, recycled developer accounts, and global distribution across North America, Europe, and Asia-Pacific.
Want to understand Mirage’s full scale and how IAS unraveled the scheme? The full report includes:
- A breakdown of Mirage’s app behavior and install patterns
- Tactics used to cloak fraud from store reviewers
- Case study of a Mirage app that reached #1 in the U.S.
- Timeline of IAS and Google’s coordinated takedown
