Commentary

AI Running Fraud Network Across More Than 25M Devices

Mobile apps generate hidden in-app browser activity to load websites in the background and convert mobile-origin activity into web traffic, according to the IAS Threat Lab.

IAS Threat Lab, the Integral Ad Science division focused on threats, has identified new online traffic patterns and domain behavior.

The company calls this change Genisys, and has worked with Google to mitigate the threats.

The apps were identified and removed from the Play Store. Google Play Protect will warn users and automatically disable apps known to be associated with Genisys, even when they originate from sources outside of Google Play.

Advertisers have been exposed to the threat because the AI operation generated hundreds of millions of bid requests, injecting volumes of invalid supply into the programmatic ecosystem across more than 25 million devices to create a fraud network.

This type of activity can create financial risk, weaken marketplace integrity, and distort performance signals if left undetected, according to the report.

Monitoring AI threats is no longer an option, but a strategic imperative for advertisers to protect revenue and reputation. Automated botnets and algorithm manipulation are only two of the many threats from AI. 

A defining feature of Genisys is the nature of the web domains hidden inside in-app browser sessions. In the Arcade operation, these domains were mostly based on gaming or entertainment.

In Genisys, the IAS Threat Lab observed widespread use of domains created using GenAI tooling on blogs, news outlets and informational resources.

The fraud embedded itself directly in smartphones and tablets across multiple markets.

Devices were hijacked to run malicious activity in the background -- diverting processing power and network resources without knowledge or consent of the user. The activity appeared across domains, apps, and changed traffic behaviors.

The apps created a network of nearly 500 AI-generated domains, and most were created using AI-generated tools.

They appear as generic blogs, news-style sites and informational properties, produced and built to receive and monetize fraudulent traffic, not real-life activity from humans.

Collectively, they form a synthetic web ecosystem that is designed specifically to launder app-generated activity into what they consider legitimate web inventory.

Genisys used app ID spoofing, making it difficult to detect real traffic sources.

Domains seemed to prompt visits from numerous unrelated mobile apps, creating false attribution and hiding true activity, which delayed enforcement and extended monetization.
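The attribution pattern described above can be checked from the defender's side. The following sketch is an added example, not code from IAS or Google: it flags domains that draw traffic from many declared app IDs while the same devices show up under several of those IDs. The record layout, thresholds and all sample values are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample bid-request records (not real data):
# (device_id, declared_app_id, domain)
SAMPLE = [
    ("dev-1", "com.example.flashlight", "genai-blog.example"),
    ("dev-1", "com.example.puzzle", "genai-blog.example"),
    ("dev-1", "com.example.weather", "genai-blog.example"),
    ("dev-2", "com.example.puzzle", "genai-blog.example"),
    ("dev-2", "com.example.scanner", "genai-blog.example"),
    ("dev-3", "com.example.wallpaper", "genai-blog.example"),
    # A popular site reached from many apps, but each device uses one app.
    ("dev-4", "com.example.social", "popular-site.example"),
    ("dev-5", "com.example.mail", "popular-site.example"),
    ("dev-6", "com.example.chat", "popular-site.example"),
    ("dev-7", "com.example.reader", "popular-site.example"),
    ("dev-8", "com.example.social", "small-site.example"),
]


def app_fan_in(records):
    """Per domain: count of distinct declared app IDs, plus the devices
    that reached the domain under more than one declared app ID."""
    apps = defaultdict(set)
    per_device = defaultdict(lambda: defaultdict(set))
    for device, app, domain in records:
        apps[domain].add(app)
        per_device[domain][device].add(app)
    report = {}
    for domain, app_set in apps.items():
        multi = sorted(d for d, seen in per_device[domain].items() if len(seen) > 1)
        report[domain] = {"distinct_apps": len(app_set), "multi_app_devices": multi}
    return report


def flag_domains(records, min_apps=4, min_multi_devices=2):
    """Flag domains with high app fan-in AND devices switching declared app IDs.
    Both thresholds are illustrative assumptions and need tuning on real traffic."""
    return sorted(
        domain
        for domain, r in app_fan_in(records).items()
        if r["distinct_apps"] >= min_apps
        and len(r["multi_app_devices"]) >= min_multi_devices
    )


if __name__ == "__main__":
    print(flag_domains(SAMPLE))
```

High fan-in alone is not enough to flag a domain: the popular site in the sample is reached from four apps but never by one device under several app IDs, so it passes.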

Genisys, which was quickly created with AI, illustrates a new approach to large-scale fraud. Instead of using organic sites, it relies on hundreds of AI-generated domains to monetize app traffic.

AI enables a few apps to appear as a larger, deceptive network, hiding origins and enabling repeat offenders to operate longer.

Combating schemes like Genisys requires coordinated enforcement against developers, domain laundering and monetization systems, according to IAS Threat Lab.
