HUMAN: THE VASTFLUX TAKEDOWN
Syndicated By Iain Fraser - Cybersecurity Journalist
via www.iainfraser.net
Any good raconteur will tell you the best stories often happen when you’re not specifically looking for them. Such is the case with the Satori Threat Intelligence and Research Team’s latest takedown of a scheme we’ve dubbed VASTFLUX. The team came across unexpected web traffic patterns passing through a popular app, and while digging through that app, the Satori team uncovered a rabbit hole that got deeper and deeper the more they explored.
What the team pieced together was an expansive malvertising operation in which the bad actors injected JavaScript into ad creatives they issued, and then stacked a whole bunch of video players on top of one another, getting paid for all of the ads when none of them were visible to the person using the device.
The now-defunct VASTFLUX is an apparent adaptation of an earlier ad fraud scheme first reported in 2020. VASTFLUX evaded ad verification tags, deploying code that prevented detection of the scheme.
VASTFLUX was a very sophisticated scheme, exploiting the restricted in-app environments that run ads, particularly on iOS. More than 1,700 apps and 120 publishers were spoofed in the course of the operation, reaching a peak volume of 12 billion ad requests a day and impacting nearly 11 million devices.
VASTFLUX’s sophistication underscores a crucial element of collective protection: the more we in the industry work together, the harder cybercriminals will have to work to make any particular scheme stick for a meaningful amount of time. To that end, VASTFLUX was dismantled through the private collaborative efforts of HUMAN, its customers, and members of the Human Collective. The Satori team will continue to track the bad actors behind the scheme and watch for new schemes like VASTFLUX, and will share further information about the bad actors with the appropriate authorities. Learn More /...
.jpg)
