MARKETREALIST.COM / News

Is Your Battery Getting Drained Faster? It Could be Caused by Ad Fraud That Hit 11 Million Devices

By Sahib Preet Singh
Published on : 22:00 PST, Nov 11, 2023
Is Your Battery Getting Drained Faster? It Could be Caused by Ad Fraud That Hit 11 Million Devices
Suspected Ransomware Attack Responsible for Massive Garmin Outage, Germany | Getty Images | Photo by Adam Berry

A Gillette advertisement featuring English soccer star David Beckham hangs in Times Square | Getty Images | Photo by Stephen Chernin
A Gillette advertisement featuring English soccer star David Beckham hangs in Times Square | Getty Images | Photo by Stephen Chernin

Also Read: How a Global MBA Graduate Became a TikTok Business Influencer and Serial Entrepreneur

 

In a shocking revelation, researchers uncovered a widespread ad fraud scheme called "Vastflux" that affected approximately 11 million phones. This sophisticated attack, discovered by Human Security, involved 1,700 spoofed apps, that targeted 120 publishers, and generated a staggering 12 billion false ad requests per day.

Every time you open an app or visit a website, a behind-the-scenes war takes place among advertising companies vying for your attention. These companies engage in automated advertising, where instant auctions decide which ads you see. This industry is enormous, with a whopping $418 billion spent on programmatic advertising last year. However, it's also highly susceptible to abuse.

Also Read: UBank Embraces TikTok so That Mortgage Brokers can Reach Out to a Younger Tech-Savvy Clientele

The Vastflux attack was discovered by Human Security researcher Vikas Parthasarathy in the summer of 2022 while investigating another threat. Marion Habiby, a data scientist at Human Security and the lead researcher on the case, emphasizes that the attack was both the largest and most sophisticated the company has encountered. The attackers meticulously evaded detection, targeting popular apps and inserting malicious JavaScript code into ad slots to stack multiple video ads on top of each other.

A woman uses her smartphone while waiting to board a plane at the Dallas/Fort Worth International Airport | Getty Images | Photo by Robert Alexander
A woman uses her smartphone while waiting to board a plane at the Dallas/Fort Worth International Airport | Getty Images | Photo by Robert Alexander

Also Read: Mastercard Works With Feedzai to Make Cryptocurrencies Mainstream; Here's how That can Prevent Fraud

 

The fraudsters stealthily overloaded an ad slot within affected apps, and even if phone users saw only one ad, up to 25 ads were stacked on top of each other, with the attackers being paid for each ad. This technique also drained phone batteries faster than usual, and as soon as the ad disappeared, the attack stopped, making the scam hard to detect.

At its zenith in June 2022, Vastflux inundated the advertising ecosystem with an astounding 12 billion ad requests daily. It primarily affected iOS devices but also extended to Android phones. Unfortunately, device owners had limited means to thwart the attack, as legitimate apps and advertising processes were compromised.

Human Security and its partners actively fought back against Vastflux in June and July 2022, leading to a significant drop in the number of ad requests from the attack. In December of that year, the attackers behind the scheme pulled down their servers, and no further activity has been detected since then. Identifying and disrupting the bad actors is essential, and experts emphasize that tackling cybercriminals' profitability is a key step in winning the battle against such massive ad fraud schemes.

Zach Edwards, a senior manager of threat insights at Human Security, notes that attackers in this space are becoming increasingly sophisticated. They use various tactics, including spoofing advertising details, modifying ads, and employing multiple domains to launch attacks. While the Vastflux attack was exceptional, experts argue that industry collaboration and technical measures can help reduce the effectiveness of such attacks.

https://www.linkedin.com/pulse/vastflux-biggest-ad-fraud-we-have-ever-seen-gavin-reid/
https://www.linkedin.com/pulse/vastflux-biggest-ad-fraud-we-have-ever-seen-gavin-reid/

 

The investigation into Vastflux continues, with ongoing efforts to uncover the identity of the perpetrators and understand the full extent of their profits. The ad fraud scheme is just one example of the evolving threats in the advertising industry, and combating it requires a multi-faceted approach. By cutting off attackers' sources of income, the industry aims to deter future fraudsters and protect users as well as legitimate advertisers.

More from MARKETREALIST

Hospital CEO Used Corporate Credit Cards for Personal Expenses; Here's how she got Away

TikTok Became Game Changer for a New York Business Accepting Beans as Currency; Here's How it Works

Share this article:  All About the Ad Fraud Which Affected 11 Million Devices and Also Drained Their Batteries Faster