Using 50+ Android apps and roughly 10 million installs as its engine, Arcade appears to be the work of a coordinated fraud network and not a few rogue developers gaming the system, as per IAS.
Integral Ad Science (IAS) has uncovered a new ad-fraud operation exploiting Android gaming apps to covertly divert ad traffic to a network of HTML5 gaming domains. Called 'Arcade', the scheme has migrated towards Asia Pacific, now one of its fastest-growing hotspots.
Arcade involves more than 50 Android gaming apps with around 10 million installs. These apps quietly open background browser tabs that repeatedly load over 200 HTML5 gaming sites to generate ad impressions without user interaction. The sites are legitimate and host real, playable games, but the traffic is fabricated.
Scott Pierce, head of fraud and ad quality at IAS told Campaign Asia-Pacific that the architecture and level of coordination point to something far more sophisticated than a few rogue developers.
"At this stage, we have no confirmed attribution, but the scale, coordination, and shared infrastructure indicate that Arcade is operated by an organised fraud network rather than independent developers. The evidence points to a well-resourced group leveraging a modular framework for large-scale ad traffic manipulation."
One of Arcade's most evasive features is that the fraud only activates under specific conditions. The apps behave normally when downloaded directly from app stores, but switch into fraud mode if they detect the install came via a paid campaign or referral. Using attribution SDK signals, including data from Appsflyer, the app confirms the install source before contacting a remote command-and-control server, which delivers an encrypted payload that unlocks the hidden browsing and ad-serving code. This payload is only deployed to targeted devices, and many apps include anti-analysis safeguards to detect virtual or sandbox environments, enabling them to bypass app-store reviews and security checks.
Early activity was only concentrated in the US, Brazil and Canada, but since shifted to Asia-Pacific. By September 2025, Turkey, Vietnam, the Philippines, Thailand, Indonesia and Malaysia accounted for nearly half of all detected traffic, pointing to a deliberate redirection of targeting to high-growth markets.
Although smaller in app volume than IAS's previous discoveries, Vapor and Mirage, Arcade has created far greater traffic impact.
"Compared to earlier IAS discoveries like Vapor and Mirage fraud schemes, Arcade involves fewer apps but far greater traffic impact. By using hidden in-app browsers to endlessly reload HTML5 gaming pages, it has generated a much higher volume of bid requests, making its overall ad footprint disproportionately larger despite a smaller app count," Pierce said.
Arcade profits on two fronts: covert traffic to gaming domains that generates hidden ad revenue, and disruptive out-of-context ads that appear outside normal app use. IAS identified the operation through behavioural anomaly analysis and domain traversal pattern recognition, and continues to map the developer accounts and domains tied to the setup.
Pierce explains, "Arcade is anything but subtle. The volume of traffic attributed to this operation points to a well-resourced and coordinated effort, capable of producing and maintaining a myriad of Android apps and gaming domains at an industrial scale."
The firm says it intervened before Arcade reached full scale, warning the scheme was designed to expand further if left unchecked.