Security researchers have uncovered a large-scale ad fraud operation primarily targeting ads on iOS devices.
Dubbed “Vastflux,” the attack primarily affected more than 11 million Apple devices and resulted in 12 billion fraudulent bid requests at one point in time, according to security vendor Human’s Satori Threat Intelligence and Research Team.
The group discovered this scheme after observing anomalous web traffic patterns associated with a popular mobile app. It explained that ad fraudsters prefer mobile app ads because less information is passed to verification providers. This means that fraudulent schemes can go on for a long time before they are discovered.
Vastflux’s operators bid to display in-app banner ads. If they won, they injected malicious JavaScript into the underlying code and stacked multiple video ads underneath the displayed video, bringing cash to the operator.
The JavaScript also worked to spoof ad sizes, publisher IDs, and app IDs to hide its activity. An estimated 1,700 apps and 120 publishers have been spoofed in this manner.
“Vastflux is a malvertising attack that injects malicious JavaScript code into digital ad creatives, allowing fraudsters to stack numerous invisible video ad players on top of each other to register ad views,” Human explains.
“The fraudsters behind the Vastflux operation have a good understanding of the digital advertising ecosystem. They evaded ad verification tags, making this scheme difficult to spot.”
Human said it will work with industry partners to launch three waves of action against operators of the Vastflux scheme to help bring bid requests to virtually zero by December 2022.
This kind of ad fraud can reduce device battery life, crash affected apps, and degrade user performance, the report claims.