EXCLUSIVE: Google Pulls 115 Android Apps Tied to Ad Fraud Scheme Affecting 25M Devices

An Android-based mobile fraud operation designed to milk ad revenues from AI-generated shell websites has been shut down by Google and ad verification firm Integral Ad Science (IAS). The scheme was executed through more than 25 million consumer devices.

Throughout late 2025, the scheme, dubbed Genisys, used over 115 distinct mobile apps to propagate fraudulent ad activity. When users downloaded an affected app—most of which were basic utility apps like QR code scanners, PDF readers, or WiFi detectors—secret in-app browsers covertly pushed traffic to nearly 500 AI-generated domains in order to monetize ad engagement.

Affected apps were generally basic single-function tools like flashlights, PDF converters, or wallpaper providers. The websites generally looked like blogs, news publishers, or informational sites. 

Many of the AI-generated domains were designed to look like generic, informative sites.

Not only did the operation hijack users’ devices without their knowledge it also led to wasted investment for many advertisers whose messages were not shown to real people. IAS Threat Lab was unable to quantify the total ad spend wasted by the scheme, but determined that its traffic generated millions of bid requests, leading advertisers to serve ads against bot traffic.  

Hadi Shiravi, a senior engineering manager at IAS Threat Lab, warned that AI is being used to quickly set up and aggressively expand these fraud schemes. “These are scales we haven’t seen before,” Shiravi said. “It’s very easy for them to spin up these domains, scale them and at a very low cost,” Shiravi added.

Plus, technical advancements are making it easier for AI-generated content to bypass standard monitoring techniques employed by ad exchanges and supply-side platforms.

To further obscure the activity and avoid detection, fraudsters misrepresented bundle IDs, unique codes used to identify specific apps. Instead of displaying their real bundle IDs, the fraudulent apps showed the IDs of a wide range of real, popular apps—like Netflix and Instagram—to suggest that the traffic going to the shell websites was legitimate. Some of the domains showed upwards of 300 app bundle IDs generating traffic. 

After detecting the fraud operation in September of last year during a regular monitoring process, IAS Threat Lab followed its proliferation before it reached its peak in December. Google instigated its own investigation into the apps, and eventually, it pulled the fraudulent apps from the Play Store. Plus, a security tool called Google Play Protect will automatically disable Genisys-affiliated apps—even if they come from outside the Play Store—and alert users in the future if they interact with such an app. The organizations claim they’ve reduced Genisys-related bid requests by over 95%.

“Bad actors are constantly changing tactics, which is why we collaborate with IAS and others across the industry to disrupt fraud networks,” a Google spokesperson told ADWEEK. The spokesperson added that the removal of the affected apps is intended to help “protect people and businesses from abuse,” but declined to comment further on the record.

Including Genisys, Google pulled over 870 Android apps associated with at least three large-scale ad fraud schemes within the last year.

The AI-generated domains at the heart of the Genisys operation signal a sea change; next-generation ad fraud schemes will “absolutely” be enabled by AI, Shiravi said. It’s a summons the media industry will have to answer. 

The IAS Threat Lab, for its part, claims to be actively preparing, according to Vidhya Rohini Raman, the division’s senior director of data science and engineering. “We are simultaneously developing product to detect low-quality generative AI content and integrating it into our core product ecosystem,” she said, “so our advertisers will be able to benefit from improved detection and avoidance capabilities, and that, in turn, will help them focus on high-performing media.”