April 22, 2025

Sophisticated ad fraud spoofed over 1,700 apps and affected 11 million phones

  • January 21, 2023

VASTFLUX was discovered by the company Human Security

Researchers at a company specializing in fraud dismantled a sophisticated ad fraud operation in which more than 1,700 applications were spoofed and which affected some 11 million people.

VASTFLUX, as the attack is known, was discovered by the company Human Security, which describes the operation in detail in a statement published on its website.

“HUMAN Security, Inc., the world leader in modern defenses against digital attacks, today announced the takedown of a sophisticated ad fraud operation in which more than 1,700 apps were rigged, targeting 120 publishers, serving in-app ads to nearly 11 million devices, and peaking at 12 billion ad requests per day. The attack injected malicious JavaScript code into digital ads, allowing fraudsters to stack dozens of video ads on top of each other and record ad views completely invisible to the user.”

The company explained that the name VASTFLUX “is derived from the concept of fast flux, an evasion technique used by cybercriminals, and VAST, the digital video ad delivery template used in this operation.” It also confirmed that this is the largest operation discovered by the Human Security Threat Intelligence and Research Group.

The attack compromised more than 1,700 apps, targeted 120 publishers, served in-app ads to nearly 11 million devices, and reached a volume of 12 billion ad requests per day.

“When I got the first results on the volume of the attack, I had to do the calculations several times,” said Marion Habib, Human Security’s data scientist and lead investigator on the case, in statements to the British media outlet Wired.

“It is clear that the cybercriminals were well organized and did their best not to be found out. They made sure the attack lasted as long as possible and made as much money as possible,” he added.

The company’s top cybersecurity official, Gavid Reed, noted that “what was technically impressive and incredibly disturbing about VASTFLUX was that the fraudsters kidnapped impressions on legit apps, which makes it almost impossible to let consumers know if they’ve been affected.”

According to Wired, the attack was first discovered by researcher Vikas Parthasarath in the boreal summer of 2022. Habibi explained to the publication that the fraud had several steps and that those responsible took a number of measures to avoid detection.

VASTFLUX targeted popular applications and tried to buy advertising space in them. “They weren’t trying to hijack the whole phone or the whole app, they were literally looking for ad space,” Habibi added.

This is the largest operation discovered by the Human Security Threat Intelligence and Research Group.

The team discovered the attack while investigating an iOS app that was severely affected by an app spoofing attack. “VASTFLUX is a very sophisticated scheme, which uses a limited signal available to verification partners in the environment they are targeting: in-app advertising, especially on iOS. The VAST scam has evolved fraudulent offers to appear on one platform over another, which makes these cross-platform attacks a big enemy,” Human Security said in a statement.

Wired explains that once VASTFLUX won an advertising auction, the cybercriminals inserted malicious JavaScript code into the ad to allow multiple video ads to be stacked on top of one another.

In other words, VASTFLUX was able to hijack the advertising system so that when the phone displayed ads in the affected app, there were actually 25 ads placed one on top of the other. According to Wired, the attackers were paid for each ad, while the user saw only one on their phone.
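The stacking described above leaves a measurable trace: one ad placement reporting many video views that play at the same moment. The following is an added example, not code from the article or from Human Security, showing one way to flag that pattern in impression logs; the record fields (`device`, `slot`, `ad`, `start`, `end`) and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample impressions (not real data): one record per reported
# video ad view, with playback start and end in seconds. Field names are
# hypothetical and stand in for whatever an impression log provides.
SAMPLE = [
    {"device": "dev-A", "slot": "banner-1", "ad": "ad-a1", "start": 0, "end": 15},
    {"device": "dev-A", "slot": "banner-1", "ad": "ad-a2", "start": 15, "end": 30},
]
# dev-B: 25 video ads reported in the same placement over the same interval.
SAMPLE += [
    {"device": "dev-B", "slot": "banner-1", "ad": f"ad-b{i:02d}", "start": 100, "end": 115}
    for i in range(25)
]


def peak_concurrency(intervals):
    """Largest number of (start, end) intervals that are live at once."""
    points = []
    for start, end in intervals:
        points.append((start, 1))
        points.append((end, -1))
    # At equal timestamps an end (-1) sorts before a start (+1), so ads that
    # play back to back in one placement are not counted as overlapping.
    points.sort()
    live = peak = 0
    for _, delta in points:
        live += delta
        peak = max(peak, live)
    return peak


def find_stacked(impressions, max_visible=1):
    """Return placements where more video ads played at once than a user could see."""
    by_slot = defaultdict(list)
    for imp in impressions:
        by_slot[(imp["device"], imp["slot"])].append((imp["start"], imp["end"]))
    findings = []
    for (device, slot), intervals in sorted(by_slot.items()):
        peak = peak_concurrency(intervals)
        if peak > max_visible:
            findings.append({"device": device, "slot": slot,
                             "peak": peak, "impressions": len(intervals)})
    return findings


if __name__ == "__main__":
    for finding in find_stacked(SAMPLE):
        print(finding)
```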

VASTFLUX IN NUMBERS

– The operation peaked at 12 billion fraudulent ad requests in a single day

– 11 million devices with ads in apps attacked by VASTFLUX

– More than 1,700 apps spoofed by VASTFLUX on all platforms

– More than 120 publishers were attacked

– VASTFLUX could stack up to 25 ads on top of each other and charge for each without actually showing anything


Source: Info Bae
