Researchers have shut down a massive ad fraud scheme dubbed ‘VASTFLUX’, which spoofed more than 1,700 applications from 120 publishers, mostly for iOS, and affected approximately 11 million devices.
According to fraud prevention firm HUMAN, VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, which let the fraudsters stack numerous invisible video ad players behind one another and register ad views.
The operation derived its name from the use of a DNS evasion technique called Fast Flux and VAST, a Digital Video Ad Serving Template that’s employed to serve ads to video players.
According to HUMAN’s report, Vastflux generated over 12 billion bid requests per day at its peak and impacted almost 11 million devices, many in Apple’s iOS ecosystem.
The sophisticated operation exploited the restricted in-app environments that run ads on iOS to place bids for displaying ad banners. Once an auction is won, the hijacked ad slot is used to inject rogue JavaScript that contacts a remote server to retrieve the list of apps to be targeted.
The list includes bundle IDs belonging to legitimate apps, which are used to conduct an app spoofing attack, in which a fraudulent app passes itself off as a highly regarded app to trick advertisers into bidding for the ad space.
The main objective was to generate illicit revenue by registering views for as many as 25 video ads layered atop one another in a manner that is completely invisible to users.
To evade detection, Vastflux omitted ad verification tags, which allow marketers to generate performance metrics. Avoiding them made the scheme invisible to most third-party ad-performance trackers.
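The behaviours described above (many video ads started in one slot at once, several bundle IDs reported from the same slot, and no verification tags) can be checked for in impression logs. The following is an added example, not code from HUMAN or from the original article; the event format, field names, thresholds and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict

def make_sample():
    """Constructed events, not real telemetry: (seconds, device, slot, bundle_id, has_verification_tag)."""
    events = []
    # Device A: 25 video starts in one slot in the same second, rotating bundle IDs, no tags.
    for i in range(25):
        events.append((100, "dev-A", "slot-1", f"com.example.app{i % 5}", False))
    # Device B: one ad at a time, a single bundle ID, tags present.
    for t in (100, 135, 170):
        events.append((t, "dev-B", "slot-9", "com.example.news", True))
    return events

def flag_slots(events, window=5, max_stack=2):
    """Return {(device, slot): [reasons]}; window and max_stack are assumed thresholds."""
    by_slot = defaultdict(list)
    for ts, device, slot, bundle, tagged in events:
        by_slot[(device, slot)].append((ts, bundle, tagged))
    findings = {}
    for key, rows in by_slot.items():
        rows.sort()
        reasons = []
        # Peak number of video starts inside any sliding window of `window` seconds.
        peak, left = 0, 0
        for right in range(len(rows)):
            while rows[right][0] - rows[left][0] > window:
                left += 1
            peak = max(peak, right - left + 1)
        if peak > max_stack:
            reasons.append(f"stacked_video_starts={peak}")
        # One ad slot belongs to one app, so several bundle IDs suggest spoofing.
        bundles = {bundle for _, bundle, _ in rows}
        if len(bundles) > 1:
            reasons.append(f"bundle_ids_in_one_slot={len(bundles)}")
        # Missing tags alone are common in legitimate traffic; treat as corroboration only.
        if reasons and not any(tagged for _, _, tagged in rows):
            reasons.append("no_verification_tags")
        if reasons:
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    for slot, reasons in flag_slots(make_sample()).items():
        print(slot, reasons)
```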
While ad fraud does not have a malicious impact on app users, it degrades device performance, increases battery and internet data usage, and can even lead to device overheating.
VASTFLUX is the latest in a stretch of ad fraud botnets that have been shut down in recent years, after 3ve, PARETO, and Methbot.