Home | My Feed | Saved Stories | About | Privacy
Back

DoubleVerify Issues Fraud Alert on 'Zombie Account' Mobile App Scam

Show me the source 1 Sources
Generated on: Last updated:

DoubleVerify Issues Fraud Alert on Mobile Scam Using "Zombie" Android Developer Accounts

DoubleVerify has issued a fraud alert concerning a mobile scam involving criminals hijacking dormant Android developer accounts to publish fraudulent gaming apps on Google Play.

Scam Mechanism

This pattern differs significantly from earlier app store scams that used newly created developer accounts. DoubleVerify stated that fraudsters are now taking over established accounts that have been inactive for extended periods, termed "zombie accounts." The prior legitimate activity of these accounts can allow fraudulent apps to bypass automated checks that rely on reputation signals.

Impact of Fraudulent Apps

The apps generated through this method produce invalid traffic, which depletes advertiser budgets. Many of these apps also consume excessive battery power, potentially harming the devices on which they are installed. Furthermore, the published apps can serve intrusive or out-of-context advertisements and produce large volumes of ad requests that do not align with actual gameplay.

Shift in Fraudster Tactics

Historically, fraudsters infiltrated app stores by creating new developer accounts, then adding fake reviews and metadata. This approach has become more difficult due to increased scrutiny and rapid takedowns of new accounts. The current pattern involves compromising accounts with existing publishing records, which then reactivate after long periods of inactivity to release multiple generic, low-quality gaming apps.

Detection Signals

DoubleVerify identified the scheme through specific patterns in early traffic:

  • Traffic surges occurring at times not typical for casual gaming behavior.
  • High-volume traffic levels achieved within hours of launch, despite a lack of marketing, poor user reviews, and minimal quality scores.
  • Traffic patterns that did not correlate with the apps' functionality, suggesting bot activity.
  • Shared backend naming rubrics and underlying fraudulent infrastructure among apps from unrelated developer accounts.

DoubleVerify analysts also observed account-level changes, such as abrupt topic shifts after years of inactivity. For instance, accounts previously publishing niche utilities or hobby apps suddenly moved into casual gaming categories.

Examples Cited

DoubleVerify cited examples of developer accounts exhibiting these shifts:

  • An account dormant since 2017, which previously published ornithology apps, returned in 2025 to release generic gaming apps.
  • Another developer account, inactive since 2016, reappeared with game apps marketed as stress-relieving titles.

These pivots, combined with other behavioral indicators, serve as a clear signal of compromise.

Advertising Impact

"Zombie accounts are considered dangerous because they exploit the industry's reliance on historical reputation as a trust signal. This can compromise defenses if real-time monitoring is not in place."

The fraud can distort campaign measurement by inflating delivery metrics with invalid traffic and affect optimization decisions that treat this traffic as legitimate engagement. Advertisers also face brand risk if ads appear in unsuitable environments associated with low-quality content. This activity can evade app store protections when automated screening fails to detect compromised accounts or app behavior.

Recommendations

DoubleVerify recommends shifting from reputation-only checks to real-time behavioral analysis. The company has incorporated these "zombie account" signatures into its detection models and monitoring processes.