Researchers have shut down an ad fraud scheme that spoofed more than 1,700 applications from 120 publishers and impacted roughly 11 million devices.
“VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack numerous invisible video ad players behind one another and register ad views,” fraud prevention firm HUMAN said.
It uses DNS evasion technique called Fast Flux and VAST, a Digital Video Ad Serving Template that’s employed to serve ads to video players.
The sophisticated operation particularly exploited the restricted in-app environments that run ads on iOS to place bids for displaying ad banners. Should the auction be won, the hijacked ad slot is leveraged to inject rogue JavaScript that establishes contact with a remote server to retrieve the list of apps to be targeted. This includes the bundle IDs that belong to legitimate apps so as to conduct what’s called as an app spoofing attack, in which a fraudulent app passes off as a highly-regarded app in an attempt to trick advertisers into bidding for the ad space.
The ultimate objective, per HUMAN, was to register views for as many as 25 video ads by layering them atop one another in a manner that’s completely invisible to the users and generate illicit revenue.
Read more about this topic at: The Hacker News