Researchers at security company Human Security recently uncovered one of the largest and most sophisticated mobile ad attacks they’ve ever seen.
Millions of phones have been affected by the Vastflux ad scam. Hundreds of advertising companies and app developers have been defrauded by this program. Here are the details.
Mobile ads are crawling with scammers
Vastflux The scam ad campaign, called Human Security detected by. The ad scam does it by targeting a single ad slot rather than a user’s entire phone or entire app.
Human Security gains an ad slot when this program appears on the phone, and then adds malicious code that stacks multiple video ads on top of each other.
The end user thinks they will only see a single video ad, but behind the scenes, the attacker can actually show them up to 25 stacked video ads. Fraudsters, who will receive payment as if they are shown separately for each ad, can thus deceive advertising companies and developers.
From an end user perspective, the only clue that something is wrong might be that the battery is draining faster while all the fake ads are processing in the background of your phone.
Human security has not yet revealed the name of the group behind the attack and has not disclosed how many devices were potentially affected by the plan, but the attack likely hit multiple devices. Peaking in June 2022, the attack was capable of handling 12 billion ad requests per day.