The Trapdoor ad fraud campaign distributed 455 malicious Android apps via Google Play Store, generating 659 million fraudulent ad bid requests daily before discovery and removal. Google has removed the identified apps; residual risk is concentrated in three areas: devices that installed apps before removal, ongoing ad spend corruption if related clusters remain active, and enterprise Android deployments that may have approved Trapdoor-affiliated apps before the threat was identified.