These zombies prefer budgets over brains.
Media effectiveness and measurement company DoubleVerify has uncovered a new mobile ad fraud scheme in which bad actors take over long-dormant Android developer accounts and use them to distribute fraudulent gaming apps through the Google Play Store. DV’s Fraud Lab identified the trend in late 2025 and expects it to accelerate as fraudsters look for new ways around app-store guardrails.
Instead of spinning up new developer accounts, which can attract extra scrutiny, DV says fraudsters are reviving legitimate accounts that have been inactive for years. Once inside, they publish low-quality gaming apps that generate fake and invalid traffic. But because the accounts have long histories and appear trustworthy, the apps often clear automated security checks, even though the traffic they produce is largely non-human and not representative of real gameplay.
Why This Matters:
Zombie developer accounts exploit one of the industry’s oldest assumptions: that age and history equal trust. For advertisers, that creates a blind spot where fraud can scale quietly without basic safeguards kicking in. After all, these developer accounts SEEM trustworthy to Google and even get around their checks and tests.
Unfortunately, the damage goes beyond wasted dollars. These apps can inflate reach and frequency, contaminate optimization signals, and introduce brand risk by placing ads in environments that were never designed for real users.
At a broader level, the scheme highlights how fraud is evolving. We have AI-powered fraud on the rise, but bad actors are also leaning into more blunt — yet surprisingly elegant? — hacks that target trusted infrastructure rather than building fraud from scratch.
Experts React:
Gilit Saporta, VP of Product, Fraud & Quality at DoubleVerify, likens the scheme to a zombie outbreak:
“Bad actors are hacking into legitimate developer accounts that have shown no sign of life for months or years. Once inside, they revive these accounts — effectively turning them into zombies — and use them to release fraudulent gaming apps.”
She adds that to stay ahead of this kind of fraud, advertisers and platforms need to “move beyond reputation-only vetting and implement real-time behavioral analysis.”
Our Take:
This is a good reminder that not all fraud is necessarily flashy or bleeding-edge. Some of the most effective schemes succeed by blending in, borrowing credibility, and exploiting fairly basic assumptions the industry (or maybe app stores?) no longer questions enough.
AdTechRadar is owned by Chris Harihar, who leads PR at Mod Op. DoubleVerify is a Mod Op client.
