By Gilit Saporta, DV VP Product, Fraud & Quality, and Anna Gantman, DV Fraud Analyst
Android app fraudsters have a new hiding place.
In a sophisticated scheme designed to evade Google Play Store safety checks, bad actors are hacking into legitimate developer accounts that have shown no sign of life for months or years. Once inside, they “revive” these accounts – effectively turning them into zombies – and use them to release fraudulent gaming apps.
The DV Fraud Lab uncovered this trend in late 2025 and expects it to expand in the coming months. Advertisers who rely only on built-in app store fraud detectors may not be adequately protected.
Fraudsters typically infiltrate app stores by creating new developer accounts (with fake reviews and other features to make them seem legitimate). But app store fraud detection tends to flag brand-new accounts for extra scrutiny. Every time a fraudulent account gets shut down, the fraudster must start all over again with a new account.
But increasingly, bad actors are dodging detection by turning inactive legitimate accounts into havoc-wreaking zombies. The cute-seeming game apps they release are designed to drain media budgets by generating massive invalid traffic (IVT) and serving intrusive or out-of-context ads. Moreover, while the games themselves are real, fraudsters don’t care much about user experience; most of these apps harm consumers by consuming battery power and potentially shortening the life of infected devices.
Because they appear to be published by trusted veteran developers, the fraudulent apps below made it past automated app store security screenings:
In our work protecting our advertiser clients’ campaigns, the DV Fraud Lab constantly looks for suspicious signals. The fraudulent gaming apps in this scheme had massive, inexplicable traffic surges very early in the morning — a time when casual gamer traffic is generally at its lowest.
They also reached high-volume traffic levels within hours of launch, despite having no marketing presence, poor user reviews and minimal quality scores. The traffic patterns had no relationship to the apps' actual functionality, suggesting that the “users” were bot clusters programmed to fire ad requests regardless of gameplay.
And despite coming from unrelated developer accounts, they all have similar backend naming rubric and share the same underlying fraudulent infrastructure, suggesting that they are related to each other.
When we took a step back and investigated the accounts from which the apps originated, we noted that the accounts had undergone recent and abrupt “personality” changes, as if they were being inhabited by an outside force.
From Birdwatching to “Meme Merge”: A developer account dedicated to niche ornithology apps had been dormant since 2017. It lurched back to life in 2025 — not to update its birding software, but to publish a series of generic, low-quality gaming apps.
From Music Utilities to “Perfect ASMR Tidy”: A developer account inactive since 2016 started up again in 2025 and pivoted from music apps to “stress-relieving” game apps.
Source: https://play.google.com/store/apps/developer?id=Man+LemonZi
Zombie accounts are particularly dangerous because they exploit the industry’s trust in historical reputation. When a “trusted” developer ID is zombified, it can:
Eat your ad spend by firing impressions that don’t reach real human eyeballs.
Infect your optimization decisions with inflated reach and frequency metrics.
Threaten your brand reputation by potentially placing your ads alongside AI slop content or malware.
…all without triggering any app store protections.
To stay ahead of this fraud, we recommend that advertisers and platforms move beyond reputation-only vetting and implement real-time behavioral analysis.
DV has already integrated these zombie account signatures into the detection models used in our proprietary media-quality and fraud protection. Our real-time behavioral analysis constantly looks for telltale signs of non-human interaction.
Contact a DV representative.
Learn more about DV fraud protections.