Vastflux - the biggest ad fraud we have ever seen
HUMAN's Satori Threat Intelligence and Research Team recently uncovered and shut down a massive ad fraud operation known as VASTFLUX. This sophisticated scheme exploited the restricted in-app environments of ads.
VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack numerous invisible video ad players behind one another and register fake ad views. At its peak, VASTFLUX generated a staggering 12 billion bid requests per day, spoofing over 1,700 apps and 120 publishers. The scheme affected nearly 11 million devices.
VASTFLUX is a combination of "fast flux," an evasion technique used by cybercriminals, and VAST, the Digital Video Ad Serving Template that was abused in this operation. The fraudsters behind VASTFLUX had a deep understanding of the digital advertising ecosystem and were able to evade ad verification tags, making it harder for the scheme to be detected.
HUMAN's successful takedown of VASTFLUX highlights the power of modern defense and collective protection in the face of increasingly sophisticated cyber threats. Businesses and individuals must stay vigilant and implement robust security measures to protect themselves from ad fraud and other cyber attacks.
https://www.humansecurity.com/company/satori-threat-intelligence/vastflux