VASTFLUX, a large-scale well-organized, and sophisticated ad fraud operation were recently taken down by cybersecurity researchers at HUMAN Security Inc.
On a daily basis, 12 billion ads are requested by VASTFLUX, which was spoofing 1,700 apps on 11 million devices, targeting 120 publishers. Several key elements of collective protection are highlighted by VASTFLUX’s sophistication.
VASTFLUX is a malvertising operation in which the attackers manipulated ad creatives by injecting JavaScript and stacking multiple video players on top of each other, getting paid for all the ads even though none of them were visible to the user.
In order to avoid ad verification tags, VASTFLUX deployed a code that prevented the scheme from being detected.
Discovery of VASTFLUX Campaign
In terms of its function, VASTFLUX combines two terms. During this operation, the VAST template was exploited to deliver digital video ads. ‘Flux’ refers to the…