A new investigation by DoubleVerify has uncovered a serious ad fraud scheme running quietly inside iOS gaming apps. The operation, called SkyWalk, shows how modern cybercriminals are using AI and hidden browser technology to exploit both advertisers and everyday users. After reading the report closely, it feels clear that this is not just one more fraud case. It is a sign that a deeper problem is growing inside the mobile app ecosystem.
SkyWalk is operated by independent cybercriminals who share a common system known as UniSkyWalking. The framework lets them hide web browsers inside normal gaming apps. These apps look safe. They are available in the App Store. They load normally. You can even play the games without noticing anything strange.
But the moment a user opens the game, the app secretly loads invisible websites in the background. These hidden pages then load ads that no human ever sees. Advertisers still get billed for the impressions, and the fraudsters collect the money.
My first reaction after studying this is simple: If something this advanced can sit inside the App Store for months, then the current review systems are not strong enough to detect layered fraud.
The report says SkyWalk uses:
- Dozens of fraudulent apps
- More than 80 fake gaming websites
- Millions of fake impressions
- Touch hijacking for premium ad formats
- AI content to pass audits
The level of coordination seems interesting. These are not basic scammers running cheap tricks. This is organized fraud, backed by automation, hidden browsers, and AI-generated content.
In my view, the use of AI to create “legitimate-looking: sites is the most worrying part. It means fraudsters can now produce a full fake ecosystem, including apps, websites, and even fake traffic narratives.
The report says that in 2025, iOS saw three times more malicious apps than the average of the past five years. That is a huge jump. And it shows that Ad fraud is rapidly shifting from old bots to advanced, AI-powered, multi-layer systems.
For many years, marketers assumed iOS was safer than Android. It had a cleaner ecosystem and stronger app review processes. But SkyWalk breaks that belief. It shows that even curated platforms can be manipulated when fraudsters start using deeper technical tricks.
Brands get charged for ads that no human sees. Their campaign metrics look good on paper but mean nothing in reality. And if optimization is based on fake data, the entire ad strategy goes in the wrong direction.
Most people will never know their device is being misused in the background. But these hidden browsers:
- Drain the battery
- Slow down the phone
- Use memory and processing power
- Can even cause overheating
Users think they are playing a simple racing game. In reality, their device is working overtime to load ads for criminals.
SkyWalk is sophisticated, yes. But I think it is also a blueprint. If one group can make this work, more groups will try it. Fraud networks share tools, frameworks, and methods. If UniSkyWalking is available, then similar frameworks may appear soon.
Based on the evidence and the scale, it is clear that standard detection tools are no longer enough. Most systems check in-app activity, but SkyWalk shifts the fraud to hidden browsers where these tools do not work. Apple also needs to strengthen its review tools to detect embedded browser misuse. If invisible webviews can load in the background, that opens the door for more fraud.
