Cybersecurity experts have recently discovered and shut down a massive ad fraud campaign targeting over 11 million devices using 1,700 malicious applications from 120 publishers.
In a statement from the fraud prevention company known as HUMAN, they share that "VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack numerous invisible video ad players behind one another and register ad views."
This recently uncovered campaign, known as VASTFLUX, derives its name from it using a specific DNS evasion technique known as Fast Flux and VAST, a "Digital Video Ad Serving Template" that works to showcase ads to video game players.
What makes VASTFLUX so sophisticated compared to other schemes is that it's capable of finding restricted in-app environments. It works to exploit each item and covertly run ads on iOS to place bids for displaying ad banners. Once the auction is complete, the fake ad placement can quickly flood the device with rogue JavaScript, allowing contact with a remote server that retrieves the list of target apps found on the device.
Hungry for more? Join me each week, where I'll break down complex topics and dissect the latest news within the cybersecurity industry and blockchain ecosystem, simplifying the tech world.
Comentários